Re: [ft-devel] cff_get_name_index crash

[Sean McBride]

On 2007-02-06 17:28, Tom Parker said:

>The strcmp is done without checking that the return value was sane, and

strcmp(), eh?  That made me curious....

I searched the freetype code for strcpy() and found it is used (by way
of ft_strcpy()) quite a lot.  strcpy() is evil.  Someone might want to
consider doing the following replacements:

ft_strcpy, ft_strncpy -> strlcpy
ft_strcat -> strlcat

For info on why, see:
<http://developer.apple.com/documentation/Security/Conceptual/
SecureCodingGuide/Articles/BufferOverflows.html>

--
____________________________________________________________
Sean McBride, B. Eng                 address@hidden
Rogue Research                        www.rogue-research.com
Mac Software Developer              Montréal, Québec, Canada