PERFORCE change 32072 for review
Robert Watson
rwatson at freebsd.org
Fri May 30 09:22:15 PDT 2003
On Fri, 30 May 2003, Adam Migus wrote:
> Ok, so let left = the maximum string length constant you defined,
> instead of size with the original code. Do the math at the end to
> calculate any discrepancy. The problem's solved, the snprintf()
> semantics are preserved and your original fix is again redundant.
As long as you're slapping down a '\0' inside the string, you'll have to
deal with two lengths: the actual string length, and the desired string
length--you can't dereference to the desired length, but you also can't
return the desired length. In the overflow length, the '\0' handling can
be dropped, since it generates an error condition and there's no
expectation that the string be nul-terminated, so one simplification would
be drop the nul termination rewrite entirely in the overflow case.
That said, I think we're still dealing with an API robustness problem:
this coding error was easy to make because snprintf() and the C string
interfaces aren't robust in the presence of failures. They encourage
coding faults. Moving to sbuf in the long term will help with that
substantially.
Robert N M Watson FreeBSD Core Team, TrustedBSD Projects
robert at fledge.watson.org Network Associates Laboratories
More information about the p4-projects
mailing list