On Sun, Feb 3, 2019 at 9:04 PM Mattias Jacobsson <2pi@xxxxxx> wrote:
> On 2019-01-30, Andy Shevchenko wrote:
> > On Wed, Jan 30, 2019 at 5:15 PM Mattias Jacobsson <2pi@xxxxxx> wrote:
> > > + if (len < 0 || len >= 500) {
> >
> > Would it even possible to get a negative number here?
> > Same for any other number than slightly bigger than 36.
>
> snprintf returns a negative number on error. BTW AFAIU the code from
> file2alias.c gets dynamically linked against a libc.
OK.
> > So, what about simple
> >
> > {
> > DEF_FIELD_ADDR(...);
> > size_t len;
> >
> > len = strlen(*guid_string);
> > if (len != ...) {
> > ...
> > }
> > sprintf(...);
> > return 1;
> > }
> >
> > ?
>
> Then we are missing the check that we are within the bounds of alias
I don't see how. By checking a length of string we be sure, that the
result would have a non-arbitrary length.
> as well as the negative code from s*printf(). snprintf() does this nicely
> for us.
This one I agree with, means in the above example we may do
return sprintf(...);
if callers recognize just a sign, or
len = sprintf(...);
if (len < 0)
return len; // -1? 0?
return 1;
otherwise.
--
With Best Regards,
Andy Shevchenko
