This is the mail archive of the gcc@gcc.gnu.org mailing list for the GCC project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Re: use of %n in genmodes.c causes trouble on Vista

From: "Aaron Gray" <angray at beeb dot net>
To: "Richard Kenner" <kenner at vlsi1 dot ultra dot nyu dot edu>
Cc: <gcc at gcc dot gnu dot org>
Date: Thu, 7 Jun 2007 04:04:47 +0100
Subject: Re: use of %n in genmodes.c causes trouble on Vista
References: <005e01c7a878$90b6a7e0$306d65da@anykey> <46673803.70109@adacore.com> <001001c7a894$2057f550$0600a8c0@ze4427wm> <10706070250.AA22611@vlsi1.ultra.nyu.edu>

I think a sprintf followed by a strlen and printf is _guarenteed_ to be much more portable than printf's return value. The overhead of the strlen is minimal.
Maybe portable, but how do you choose the length of the buffer to pass
to sprintf!  Ironic: we'd be trading a mostly-bogus security issue for
a buffer overflow problem.

snprintf (from libiberty) ?

we should maybe check the maximum length of identifiers anyway ?

This thing is really trivial security wise anyway.

Aaron

References:
- RE: use of %n in genmodes.c causes trouble on Vista
  - From: Danny Smith
- Re: use of %n in genmodes.c causes trouble on Vista
  - From: Robert Dewar
- Re: use of %n in genmodes.c causes trouble on Vista
  - From: Aaron Gray
- Re: use of %n in genmodes.c causes trouble on Vista
  - From: Richard Kenner

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]