* Re: [9front] Importing Patches from 9legacy: snprint
@ 2019-06-12 2:34 cinap_lenrek
0 siblings, 0 replies; 3+ messages in thread
From: cinap_lenrek @ 2019-06-12 2:34 UTC (permalink / raw)
To: 9front
> but a number of them fix overflows where snprint prints a parameter
> of unspecified size into a buffer of fixed size.
ok, which one?
all the ones i'v looked at so far are harmless/pointless... but ok.
i'm mostly worried if we had a accidentally sizeof(char*) instead of
sizeof(char[N]) somehere... so just make sure theres no fallout
with this patch.
--
cinap
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [9front] Importing Patches from 9legacy: snprint
@ 2019-06-12 12:02 cinap_lenrek
0 siblings, 0 replies; 3+ messages in thread
From: cinap_lenrek @ 2019-06-12 12:02 UTC (permalink / raw)
To: 9front
> I also noticed some places to improve, where we do:
>
> snprint(buf, sizeof(buf), "%s", thing);
> foo(strdup(buf))
>
> We could just move to smprint in these cases.
>
> There are also a few places that were't converted but should have
> been, so I'll get those stragglers. New version incoming soon.
very good.
--
cinap
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [9front] Importing Patches from 9legacy: snprint
@ 2019-06-12 3:33 ori
0 siblings, 0 replies; 3+ messages in thread
From: ori @ 2019-06-12 3:33 UTC (permalink / raw)
To: cinap_lenrek, 9front
>> but a number of them fix overflows where snprint prints a parameter
>> of unspecified size into a buffer of fixed size.
>
> ok, which one?
>
> all the ones i'v looked at so far are harmless/pointless... but ok.
The ones I saw weren't remote vulnerabilities, if that's what you're
wondering. The overflows came from command line arguments, symbol names,
or ndb paths/attributes.
The bulk of them were benign.
> i'm mostly worried if we had a accidentally sizeof(char*) instead of
> sizeof(char[N]) somehere... so just make sure theres no fallout
> with this patch.
Good point. I didn't see any with that issue, but I'm going to look
again. I also noticed some places to improve, where we do:
snprint(buf, sizeof(buf), "%s", thing);
foo(strdup(buf))
We could just move to smprint in these cases.
There are also a few places that were't converted but should have
been, so I'll get those stragglers. New version incoming soon.
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2019-06-12 12:02 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-06-12 2:34 [9front] Importing Patches from 9legacy: snprint cinap_lenrek
2019-06-12 3:33 ori
2019-06-12 12:02 cinap_lenrek
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).