[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [XBoard-devel] Buffer overflow

From: Eric Mullins
Subject: Re: [XBoard-devel] Buffer overflow
Date: Thu, 22 Dec 2011 18:05:42 -0700
User-agent: Mozilla/5.0 (Windows NT 5.2; WOW64; rv:8.0) Gecko/20111105 Thunderbird/8.0

On 12/22/2011 4:38 PM, h.g. muller wrote:
At 20:22 22-12-2011 +0100, Byrial Jensen wrote:
However there is no reason to replace all occurences of strcat with
something else like it is done with strcpy(). I find it a little silly
to see calls to safeStrCpy instead of strcpy when you have just
allocated a new buffer of the required size, so strcpy would be
perfectly safe to use.

True. This whole safeStrCpy business is a folly IMO, and it has already
caused a lot of grief. But it seems we cannot build for some
distributions when we use strcpy, because it is a blacklisted function.
I already proposed to subvert this ridiculous demand by simply ading a
"#define strcpy myStrCpy" in common.h, and providing our own version of
strcpy not detected by these compilers, but Arun wouldn't have it!

A wise move. It's not our place to bypass a design decision made by someone else who must feel strongly about it.

By the same token, I don't see any reason to bend over backwards for such a decision. There are plenty of times strcpy() best tool for the job and can be guaranteed safe. So, in my view, respect their decision, and let them cope with the fact we do in fact still use that function. Certainly xboard isn't the first or last software such a distro would have to decide if it's important enough to invest someone else's time to make work. We can always merge those changes back later if we are so inclined.

reply via email to

[Prev in Thread] Current Thread [Next in Thread]