Re: [Midnight Commander] #1813: Statifc buffer version of name_quote()

* MC Ticket System <tickets midnight-commander org> schrieb:

>  1. What about potential buffer overflow in execute_menu_command()
>  (src/user.c:654)? User's input parameter is not length-limited.

It will simply get cut-off if its larger than the buffer.
Or simply stay w/ the allocating variant at this point.
>  2. The static buffer is effective when you allocate and free some piece of
>  memory very often, many (hundred or thousand) times per second. But
>  name_quote() is called once in each place where it's called.

Maybe the saving is not that huge, but malloc()+free() add 
some overhead and a chance of memleaks.

Even better would be utilizing alloca(), but that will involve
a bit of preprocessor-fu, eg.:

#define QUOTED_NAME(name,val)			\
    char* ##name = alloca(strlen(val)*2+2);	\

 Enrico Weigelt    ==   metux IT service -
 Please visit the OpenSource QM Taskforce:
 Patches / Fixes for a lot dozens of packages in dozens of versions:

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]