Johannes Schindelin <Johannes.Schindelin@xxxxxx> writes:

> Hi Eric,
>
> On Thu, 2 Aug 2018, Eric Sunshine wrote:
>
>> want_color_fd() is designed to work only with standard input, output,
>> and error file descriptors, and stores information about each descriptor
>> in an array. However, it doesn't verify that the passed-in descriptor
>> lives within that set, which, with a buggy caller, could lead to
>> access/assignment outside the array bounds.
>
> ACK!
>
> Thanks,
> Dscho

Did you write a buggy caller that would have been caught or helped
with this change? You did not write the callee that is made more
defensive with this patch, so I am being curious as to where that
Ack is coming from (I wouldn't have felt curious if this were a
reviewed-by instead).

In any case, this looks like a good defensive measure.
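
The kind of check the quoted commit message describes, as an added sketch that is neither git's code nor part of this thread. The names `color_cache`, `probe_color`, `cached_color_fd` and the `COLOR_*` codes are hypothetical, and returning an error code for a bad descriptor is a choice made for this sketch.

```c
#include <stddef.h>
#include <stdio.h>
#include <unistd.h>

#define ARRAY_SIZE(a) (sizeof(a) / sizeof((a)[0]))

/* Hypothetical result codes for this sketch. */
enum { COLOR_BAD_FD = -2, COLOR_UNKNOWN = -1, COLOR_OFF = 0, COLOR_ON = 1 };

/* One cached decision per standard descriptor: stdin, stdout, stderr. */
static int color_cache[3] = { COLOR_UNKNOWN, COLOR_UNKNOWN, COLOR_UNKNOWN };

/* Assumed policy for the sketch: colour only when fd is a terminal. */
static int probe_color(int fd)
{
	return isatty(fd) ? COLOR_ON : COLOR_OFF;
}

/*
 * Unchecked form: fd indexes the array directly, so a caller passing
 * 3, 1024 or -1 reads and writes memory outside color_cache.
 */
int cached_color_fd_unchecked(int fd)
{
	if (color_cache[fd] == COLOR_UNKNOWN)
		color_cache[fd] = probe_color(fd);
	return color_cache[fd];
}

/* Checked form: reject any fd that has no slot before touching the array. */
int cached_color_fd(int fd)
{
	if (fd < 0 || (size_t)fd >= ARRAY_SIZE(color_cache))
		return COLOR_BAD_FD;
	return cached_color_fd_unchecked(fd);
}

int main(void)
{
	int fds[] = { 0, 1, 2, 3, -1 }; /* constructed inputs */
	for (size_t i = 0; i < ARRAY_SIZE(fds); i++)
		printf("fd %d -> %d\n", fds[i], cached_color_fd(fds[i]));
	return 0;
}
```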