On 08/18/2010 10:07 AM, Daniel P. Berrange wrote: > Do we actually have any places where printf/sprintf hurts ? [v]as[n]printf are already safe, thanks to the vasprintf module. snprintf is safe, but only indirectly, due to the getaddrinfo module dragging it in (if getaddrinfo is changed to not rely on snprintf, then we would lose the indirect support), but I agree that we should be using virAsprintf in that case, anyways. vsnprintf is not safe, but can easily be made safe at the same time as snprintf. [v][f]printf and [v]sprintf are not safe, with nothing in gnulib to protect them while still staying at LGPLv2+; but I agree that we can probably avoid the issues with these by converting sprintf to virAsprintf, and just being careful with [f]printf. > And just a handful of things using %ll > > $ find -name '*.c' | xargs grep -i printf | grep -i -v asprintf | grep -v virBuffer | grep -v gnulib | grep '%ll' > ./src/storage/storage_backend.c: snprintf(size, sizeof(size), "%lluK", vol->capacity/1024); > ./src/storage/storage_backend.c: snprintf(size, sizeof(size), "%llu", vol->capacity/1024/1024); > ./src/storage/parthelper.c: printf("%s%s%d%c%s%c%s%c%llu%c%llu%c%llu%c", > ./src/storage/parthelper.c: printf("%s%c%s%c%s%c%llu%c%llu%c%llu%c", > ./src/storage/storage_backend_disk.c: snprintf(start, sizeof(start)-1, "%lluB", startOffset); > ./src/storage/storage_backend_disk.c: snprintf(end, sizeof(end)-1, "%lluB", endOffset); > ./src/storage/storage_backend_logical.c: snprintf(size, sizeof(size)-1, "%lluK", vol->capacity/1024); > ./tests/qemuhelptest.c: fprintf(stderr, "Computed flags do not match: got 0x%llx, expected 0x%llx\n", > ./examples/domain-events/events-c/event-test.c: printf("%s EVENT: Domain %s(%d) rtc change %lld\n", __func__, virDomainGetName(dom), For a more complete list of all potential problems, I used: $ git grep '\bv\?s\?f\?printf \?(' \ daemon/ tools/ src/ include/ proxy/ tests/ | wc -l 236 And except for the few you already listed above, none of them had %z or %ll issues. So fixing those few, plus converting snprintf to virAsprintf, seems like a manageable task; I'm now working on it. -- Eric Blake eblake@xxxxxxxxxx +1-801-349-2682 Libvirt virtualization library http://libvirt.org
Attachment:
signature.asc
Description: OpenPGP digital signature
-- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list