[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [ft-devel] cff_get_name_index crash
From: |
Sean McBride |
Subject: |
Re: [ft-devel] cff_get_name_index crash |
Date: |
Wed, 7 Feb 2007 10:12:38 -0500 |
On 2007-02-06 17:28, Tom Parker said:
>The strcmp is done without checking that the return value was sane, and
strcmp(), eh? That made me curious....
I searched the freetype code for strcpy() and found it is used (by way
of ft_strcpy()) quite a lot. strcpy() is evil. Someone might want to
consider doing the following replacements:
ft_strcpy, ft_strncpy -> strlcpy
ft_strcat -> strlcat
For info on why, see:
<http://developer.apple.com/documentation/Security/Conceptual/
SecureCodingGuide/Articles/BufferOverflows.html>
--
____________________________________________________________
Sean McBride, B. Eng address@hidden
Rogue Research www.rogue-research.com
Mac Software Developer Montréal, Québec, Canada