
Re: Unchecked sprintf/strcat?



* Mon May 22 2006 Thomas Roessler <roessler@xxxxxxxxxxxxxxxxxx>
> On 2006-05-22 11:25:27 +0900, TAKAHASHI Tamotsu wrote:
> 
> >> if you don't trust the own code, use functions that raise
> >> an assertion failure when the buffer is overflowed.
> > 
> > Thanks for the suggestion.
> > I'd rather add the assertion to safe_strcat and simply use
> > "safe_strcat(dst,sizeof(dst),buf)" than use
> > "if(len>0&&len<sizeof(buf))strcat(dst,len);else return(1);"
> > everywhere.
> 
> Be careful about that -- mutt is using truncating string
> functions not just for safety, but also to, well, truncate
> strings.

Sure. I don't think it should exit immediately.
dprint() is enough for debugging purposes.

(safe_strcat is not used in main.c or init.c.
So I think safe_strcat can use dprint.)

> (snprintf *is* being used this way; I don't recall whether
> safe_strcat is.)

As far as I can tell, safe_strcat is not.

But it shouldn't abort on truncation, anyway.
It should only output some debugging message.
When that is not enough, we can still use explicit
assertion with goto or return or mutt_exit.

-- 
tamo
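The two approaches discussed in this thread side by side, as an added illustration that is not part of the original message and not mutt's own code: a truncating append in the shape of safe_strcat(dst, sizeof(dst), src) that never overflows dst and only logs when it truncates, next to the explicit-check style that refuses to append and leaves the error handling (return, goto, exit) to the caller. The function names safe_strcat_report, strcat_or_fail and report_truncation are hypothetical; report_truncation stands in for mutt's dprint().

```c
#include <stdio.h>
#include <string.h>

/* Added example for the thread, not mutt's safe_strcat: a truncating
 * append that never overflows dst and reports truncation through a
 * debug hook instead of aborting.  All names here are hypothetical. */

/* Number of truncations reported so far (stands in for reading the log). */
static int g_truncations = 0;

/* Hypothetical stand-in for mutt's dprint(): log and carry on. */
static void report_truncation(const char *dst, const char *src, size_t dstlen)
{
    g_truncations++;
    fprintf(stderr, "safe_strcat: truncated \"%s\" while appending \"%s\" (buffer %zu)\n",
            dst, src, dstlen);
}

/* Length of the string in dst, never reading past max bytes. */
static size_t bounded_strlen(const char *s, size_t max)
{
    const char *end = memchr(s, '\0', max);
    return end ? (size_t)(end - s) : max;
}

/* Truncating append.  Returns 1 if src was cut short, 0 if it fit.
 * dst is always NUL-terminated on return (when dstlen > 0). */
int safe_strcat_report(char *dst, size_t dstlen, const char *src)
{
    size_t used, room, n;

    if (dstlen == 0)
        return 1;                      /* nowhere to write anything */
    used = bounded_strlen(dst, dstlen);
    if (used == dstlen) {              /* dst was not terminated: fix and refuse */
        dst[dstlen - 1] = '\0';
        return 1;
    }
    room = dstlen - used - 1;          /* bytes available before the NUL */
    n = strlen(src);
    if (n <= room) {
        memcpy(dst + used, src, n + 1);
        return 0;
    }
    memcpy(dst + used, src, room);     /* copy what fits, then terminate */
    dst[used + room] = '\0';
    report_truncation(dst, src, dstlen);
    return 1;
}

/* The explicit-check alternative from the thread: append only if all of
 * src fits, otherwise leave dst untouched and fail so the caller can
 * "return 1" / "goto out".  Returns 1 on failure, 0 on success. */
int strcat_or_fail(char *dst, size_t dstlen, const char *src)
{
    size_t used = bounded_strlen(dst, dstlen);
    size_t n = strlen(src);

    if (used == dstlen || n >= dstlen - used)   /* n + 1 > dstlen - used */
        return 1;
    memcpy(dst + used, src, n + 1);
    return 0;
}

/* Exposes the truncation counter so callers can check what was logged. */
int truncations_reported(void) { return g_truncations; }

int main(void)
{
    char buf[8] = "abc";              /* 7 usable bytes plus the NUL */

    printf("%d %s\n", safe_strcat_report(buf, sizeof buf, "de"), buf);    /* 0 abcde */
    printf("%d %s\n", safe_strcat_report(buf, sizeof buf, "fghij"), buf); /* 1 abcdefg */
    printf("%d %s\n", strcat_or_fail(buf, sizeof buf, "x"), buf);         /* 1 abcdefg */
    return 0;
}
```

The point of the contrast: safe_strcat_report is what a caller wants when truncation is the intended result and a debug message is enough, while strcat_or_fail is the form to reach for at the few sites where a cut string would be a bug and the caller must bail out itself.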