This is the mail archive of the gdb-patches@sources.redhat.com mailing list for the GDB project.

Re: about the usage of sprintf in gdb, specifically in gdb/remote.c
- From: Eli Zaretskii <eliz at gnu dot org>
- To: Wu Zhou <woodzltc at cn dot ibm dot com>
- Cc: gdb at sources dot redhat dot com, gdb-patches at sources dot redhat dot com, mark dot kettenis at xs4all dot nl
- Date: Wed, 25 May 2005 21:27:54 +0300
- Subject: Re: about the usage of sprintf in gdb, specifically in gdb/remote.c
- References: <Pine.LNX.4.63.0505250645170.1089@plinuxt18.cn.ibm.com>
- Reply-to: Eli Zaretskii <eliz at gnu dot org>

> Date: Wed, 25 May 2005 07:04:11 -0700 (PDT)
> From: Wu Zhou <woodzltc@cn.ibm.com>
> cc: mark.kettenis@xs4all.nl, eliz@gnu.org
>
> 1. Won't introduce overflow. And one can easily see this from the
> context. To name an example in function remote_thread_alive:
>
>   int tid = PIDGET (ptid);
>   char buf[16];
>
>   if (tid < 0)
>     sprintf (buf, "T-%08x", -tid);
>   else
>     sprintf (buf, "T%08x", tid);
>
> In this context, there is no possibility that buf gets overflowed.

That might be so today, but if some day someone changes either the
size of buf[] or the format string, things could become messy.

I'd say, if we leave sprintf here, let's at least use sizeof(buf) in
the call to sprintf instead of a literal 8 in the format string.

As for the other 2 examples, I'd use safer functions there. It's
unreasonable to request that Joe Random Hacker who happens to read the
code should perform the amount of analysis you demonstrated to
convince him/herself that the code is safe. Most programmers won't go
to such lengths.
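
A bounded version of the formatting quoted above, as an added example that is not part of the original message or of GDB's source; `format_thread_alive` is a hypothetical helper. It ties the write to `sizeof (buf)` through `snprintf` and checks the return value, so a later change to the buffer size or format string is reported as truncation instead of overflowing.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not GDB's code): builds the "T<tid>" text from
   the quoted snippet, bounded by the caller's buffer size.
   Returns the text length, or -1 if it would not fit.  */
static int
format_thread_alive (char *buf, size_t size, int tid)
{
  int n;

  /* Note: the 8 in %08x is a minimum field width, not a limit.  The
     output stays at 8 hex digits only while unsigned int is 32 bits.  */
  if (tid < 0)
    /* 0u - tid avoids the signed overflow of -tid when tid == INT_MIN.  */
    n = snprintf (buf, size, "T-%08x", 0u - (unsigned int) tid);
  else
    n = snprintf (buf, size, "T%08x", (unsigned int) tid);

  /* snprintf returns the length the full string needs; a value >= size
     means the output was cut short (but still NUL-terminated).  */
  if (n < 0 || (size_t) n >= size)
    return -1;
  return n;
}

int
main (void)
{
  char buf[16];   /* size used in the quoted code */
  char small[8];  /* constructed: a later edit shrinks the buffer */

  if (format_thread_alive (buf, sizeof (buf), 0x1234) > 0)
    printf ("%s\n", buf);
  if (format_thread_alive (buf, sizeof (buf), -0x1234) > 0)
    printf ("%s\n", buf);
  if (format_thread_alive (small, sizeof (small), 0x1234) < 0)
    printf ("did not fit, kept: \"%s\"\n", small);
  return 0;
}
```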