Re: [Midnight Commander] #1813: Static buffer version of name_quote()



* MC Ticket System <tickets midnight-commander org> wrote:

>  1. What about potential buffer overflow in execute_menu_command()
>  (src/user.c:654)? User's input parameter is not length-limited.

It will simply get cut off if it's larger than the buffer.
Or simply stay w/ the allocating variant at this point.
 
>  2. The static buffer is effective when you allocate and free some piece of
>  memory very often, many (hundred or thousand) times per second. But
>  name_quote() is called once in each place where it's called.

Maybe the saving is not that huge, but malloc()+free() add 
some overhead and a chance of memleaks.

Even better would be utilizing alloca(), but that will involve
a bit of preprocessor-fu, e.g.:

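#include <alloca.h>
#include <string.h>
/* Declares `name` as a stack buffer and fills it with the quoted form of val. */
#define QUOTED_NAME(name,val)			\
    char *name = alloca(strlen(val)*2+2);	\
    __name_quote_buf(name,val);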

cu
-- 
---------------------------------------------------------------------
 Enrico Weigelt    ==   metux IT service - http://www.metux.de/
---------------------------------------------------------------------
 Please visit the OpenSource QM Taskforce:
 	http://wiki.metux.de/public/OpenSource_QM_Taskforce
 Patches / Fixes for a lot dozens of packages in dozens of versions:
	http://patches.metux.de/
---------------------------------------------------------------------
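
Added example (not part of the original message and not mc's code): a bounded quoting routine that reports truncation the way snprintf() does and never cuts in the middle of an escape pair, with the allocating variant as the fallback for input that does not fit. The names quote_into and quote_alloc and the set of escaped characters are assumptions made for this example.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical escape set for this example; not mc's actual list. */
static int needs_escape(char c)
{
    return c != '\0' && strchr(" \t\n\\\"'`$*?[](){}<>|&;!#~", c) != NULL;
}

/* Quote src into dst (capacity dstsize, NUL included). Returns the length the
 * full result needs, like snprintf(): truncated iff return >= dstsize. A
 * truncated result is NUL-terminated and never ends in a lone backslash. */
size_t quote_into(char *dst, size_t dstsize, const char *src)
{
    size_t need = 0, used = 0;
    for (; *src != '\0'; src++) {
        size_t n = needs_escape(*src) ? 2 : 1;
        /* Copy whole units only; stop for good at the first that does not fit. */
        if (used == need && dstsize > 0 && used + n < dstsize) {
            if (n == 2)
                dst[used++] = '\\';
            dst[used++] = *src;
        }
        need += n;
    }
    if (dstsize > 0)
        dst[used] = '\0';
    return need;
}

/* Allocating fallback for input that does not fit: size from a dry run. */
char *quote_alloc(const char *src)
{
    size_t need = quote_into(NULL, 0, src);
    char *p = malloc(need + 1);
    if (p != NULL)
        quote_into(p, need + 1, src);
    return p;
}

int main(void)
{
    char buf[8];
    const char *in = "my file $1";   /* constructed sample input */
    char *p = quote_into(buf, sizeof buf, in) >= sizeof buf ? quote_alloc(in) : NULL;
    int ok = p != NULL && strcmp(p, "my\\ file\\ \\$1") == 0;
    free(p);
    return ok ? 0 : 1;
}
```

A caller that checks the return value can tell a silently shortened name from a complete one before the string reaches a shell.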

