This is the mail archive of the gdb-patches@sources.redhat.com mailing list for the GDB project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: about the usage of sprintf in gdb, specifically in gdb/remote.c


> Date: Wed, 25 May 2005 07:04:11 -0700 (PDT)
> From: Wu Zhou <woodzltc@cn.ibm.com>
> cc: mark.kettenis@xs4all.nl, eliz@gnu.org
> 
> 1. Won't introduce overflow. And one can easily see this from the 
> context.  To name an example in function remote_thread_alive:
>  
>   int tid = PIDGET (ptid);
>   char buf[16];
> 
>   if (tid < 0)
>     sprintf (buf, "T-%08x", -tid);
>   else
>     sprintf (buf, "T%08x", tid); 
> 
> In this context, there is no possibility that buf get overflowed. 

That might be so today, but if some day someone changes either the
size of buf[] or the format string, things could become messy.

I'd say, if we leave sprintf here, let's at least use sizeof(buf) in
the call to sprintf instead of a literal 8 in the format string.

As for the other 2 examples, I'd use safer functions there.  It's
unreasonable to request that Joe Random Hacker who happens to read the
code should perform the amount of analysis you demonstrated to
convince him/herself that the code is safe.  Most programmers won't go
to such lengths.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]