From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <gdb-patches-return-39642-listarch-gdb-patches=sources.redhat.com@sources.redhat.com>
Received: (qmail 3028 invoked by alias); 25 May 2005 18:28:22 -0000
Mailing-List: contact gdb-patches-help@sources.redhat.com; run by ezmlm
Precedence: bulk
List-Subscribe: <mailto:gdb-patches-subscribe@sources.redhat.com>
List-Archive: <http://sources.redhat.com/ml/gdb-patches/>
List-Post: <mailto:gdb-patches@sources.redhat.com>
List-Help: <mailto:gdb-patches-help@sources.redhat.com>, <http://sources.redhat.com/ml/#faqs>
Sender: gdb-patches-owner@sources.redhat.com
Received: (qmail 2901 invoked by uid 22791); 25 May 2005 18:28:16 -0000
Received: from legolas.inter.net.il (HELO legolas.inter.net.il) (192.114.186.24)
    by sourceware.org (qpsmtpd/0.30-dev) with ESMTP; Wed, 25 May 2005 18:28:16 +0000
Received: from HOME-C4E4A596F7 (IGLD-83-130-241-88.inter.net.il [83.130.241.88])
	by legolas.inter.net.il (MOS 3.5.8-GR)
	with ESMTP id ELM47944 (AUTH halo1);
	Wed, 25 May 2005 21:27:46 +0300 (IDT)
Date: Thu, 26 May 2005 01:41:00 -0000
Message-Id: <u3bsbma8l.fsf@gnu.org>
From: Eli Zaretskii <eliz@gnu.org>
To: Wu Zhou <woodzltc@cn.ibm.com>
CC: gdb@sources.redhat.com, gdb-patches@sources.redhat.com,
        mark.kettenis@xs4all.nl
In-reply-to: <Pine.LNX.4.63.0505250645170.1089@plinuxt18.cn.ibm.com> (message
	from Wu Zhou on Wed, 25 May 2005 07:04:11 -0700 (PDT))
Subject: Re: about the usage of sprintf in gdb, specifically in gdb/remote.c
Reply-to: Eli Zaretskii <eliz@gnu.org>
References:  <Pine.LNX.4.63.0505250645170.1089@plinuxt18.cn.ibm.com>
X-SW-Source: 2005-05/txt/msg00545.txt.bz2

> Date: Wed, 25 May 2005 07:04:11 -0700 (PDT)
> From: Wu Zhou <woodzltc@cn.ibm.com>
> cc: mark.kettenis@xs4all.nl, eliz@gnu.org
> 
> 1. Won't introduce overflow. And one can easily see this from the 
> context.  To name an example in function remote_thread_alive:
>  
>   int tid = PIDGET (ptid);
>   char buf[16];
> 
>   if (tid < 0)
>     sprintf (buf, "T-%08x", -tid);
>   else
>     sprintf (buf, "T%08x", tid); 
> 
> In this context, there is no possibility that buf get overflowed. 

That might be so today, but if some day someone changes either the
size of buf[] or the format string, things could become messy.

I'd say, if we leave sprintf here, let's at least use sizeof(buf) in
the call to sprintf instead of a literal 8 in the format string.

As for the other 2 examples, I'd use safer functions there.  It's
unreasonable to request that Joe Random Hacker who happens to read the
code should perform the amount of analysis you demonstrated to
convince him/herself that the code is safe.  Most programmers won't go
to such lengths.