Re: [9front] Importing Patches from 9legacy: snprint

Re: [9front] Importing Patches from 9legacy: snprint

[cinap_lenrek]

> I also noticed some places to improve, where we do:
>
>	snprint(buf, sizeof(buf), "%s", thing);
>	foo(strdup(buf))
>
> We could just move to smprint in these cases.
>
> There are also a few places that were't converted but should have
> been, so I'll get those stragglers. New version incoming soon.

very good.

--
cinap

Re: [9front] Importing Patches from 9legacy: snprint

[ori]

>> but a number of them fix overflows where snprint prints a parameter
>> of unspecified size into a buffer of fixed size.
> 
> ok, which one?
>
> all the ones i'v looked at so far are harmless/pointless... but ok.

The ones I saw weren't remote vulnerabilities, if that's what you're
wondering. The overflows came from command line arguments, symbol names,
or ndb paths/attributes.

The bulk of them were benign.
 

> i'm mostly worried if we had a accidentally sizeof(char*) instead of
> sizeof(char[N]) somehere... so just make sure theres no fallout
> with this patch.

Good point. I didn't see any with that issue, but I'm going to look
again. I also noticed some places to improve, where we do:

	snprint(buf, sizeof(buf), "%s", thing);
	foo(strdup(buf))

We could just move to smprint in these cases.

There are also a few places that were't converted but should have
been, so I'll get those stragglers. New version incoming soon.

Re: [9front] Importing Patches from 9legacy: snprint

[cinap_lenrek]

> but a number of them fix overflows where snprint prints a parameter
> of unspecified size into a buffer of fixed size.

ok, which one?

all the ones i'v looked at so far are harmless/pointless... but ok.

i'm mostly worried if we had a accidentally sizeof(char*) instead of
sizeof(char[N]) somehere... so just make sure theres no fallout
with this patch.

--
cinap