|
| From: | Eric Mullins |
| Subject: | Re: [XBoard-devel] Buffer overflow |
| Date: | Thu, 22 Dec 2011 18:05:42 -0700 |
| User-agent: | Mozilla/5.0 (Windows NT 5.2; WOW64; rv:8.0) Gecko/20111105 Thunderbird/8.0 |
On 12/22/2011 4:38 PM, h.g. muller wrote:
At 20:22 22-12-2011 +0100, Byrial Jensen wrote:However there is no reason to replace all occurences of strcat with something else like it is done with strcpy(). I find it a little silly to see calls to safeStrCpy instead of strcpy when you have just allocated a new buffer of the required size, so strcpy would be perfectly safe to use.True. This whole safeStrCpy business is a folly IMO, and it has already caused a lot of grief. But it seems we cannot build for some distributions when we use strcpy, because it is a blacklisted function. I already proposed to subvert this ridiculous demand by simply ading a "#define strcpy myStrCpy" in common.h, and providing our own version of strcpy not detected by these compilers, but Arun wouldn't have it!
A wise move. It's not our place to bypass a design decision made by someone else who must feel strongly about it.
By the same token, I don't see any reason to bend over backwards for such a decision. There are plenty of times strcpy() best tool for the job and can be guaranteed safe. So, in my view, respect their decision, and let them cope with the fact we do in fact still use that function. Certainly xboard isn't the first or last software such a distro would have to decide if it's important enough to invest someone else's time to make work. We can always merge those changes back later if we are so inclined.
| [Prev in Thread] | Current Thread | [Next in Thread] |