From: "Christoph Egger"
Subject: Re: [PATCH] Use string bounded functions
Date: Mon, 29 Jan 2007 12:10:58 +0100
Message-ID: <200701291210.58283.Christoph.Egger@amd.com>
To: xen-devel@lists.xensource.com
Cc: Keir Fraser
List-Id: xen-devel@lists.xenproject.org

On Monday 29 January 2007 11:52, Keir Fraser wrote:
> On 29/1/07 10:10, "Christoph Egger" wrote:
> > The attached patch replaces sprintf with snprintf and strncpy with
> > strlcpy.
> >
> > There are various cases where no NULL-terminated strings are guaranteed
> > and eventual possible overflows. This patch fixes them.
> >
> > BTW: Since Xen kernel has its own string functions, can't we just remove
> > sprintf() and strncpy()? IMO, Xen should not inherit the historical C
> > relicts.
>
> This makes plenty of sense. Strncpy() in particular is dangerous and
> strlcpy() is always preferable. So I'd be happy to see strncat/strncpy die.

sprintf() is also dangerous. snprintf() is better.
sprintf() should also die.

> There are a few uses remaining (particularly in arch/ia64) that you'll have
> to fix first.

Yeah. But due to lack of hw, I can't even build test for ia64 and ppc.
So when I send the patches, intel and ibm have to verify first that
they don't break anything.

> And please add 'signed-off-by' attribution when you post patches!

Will do.

Christoph
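
Added example, not part of the original message and not taken from the Xen tree: a C sketch of why the thread prefers strlcpy over strncpy and snprintf over sprintf. demo_strlcpy and the other helper names are hypothetical, and the strings "domain-0" and "vcpu" are constructed sample inputs.

```c
#include <stdio.h>
#include <string.h>

/* Illustrative strlcpy (an assumption, not Xen's implementation): copies at
 * most size-1 bytes, always NUL-terminates when size > 0, and returns
 * strlen(src) so the caller can detect truncation. */
static size_t demo_strlcpy(char *dst, const char *src, size_t size)
{
    size_t len = strlen(src);
    if (size > 0) {
        size_t n = (len >= size) ? size - 1 : len;
        memcpy(dst, src, n);
        dst[n] = '\0';
    }
    return len;
}

/* strncpy into an 8-byte buffer; returns 1 only if a NUL ended up in it. */
static int strncpy_terminates(const char *src)
{
    char buf[8];
    memset(buf, 'X', sizeof(buf));
    strncpy(buf, src, sizeof(buf));
    return memchr(buf, '\0', sizeof(buf)) != NULL;
}

/* Same copy with strlcpy semantics: returns 1 if src did not fit. */
static int strlcpy_truncated(const char *src, char *out, size_t size)
{
    return demo_strlcpy(out, src, size) >= size;
}

/* snprintf bounds the write and returns the length it needed. */
static int snprintf_truncated(char *out, size_t size, const char *name, int id)
{
    int n = snprintf(out, size, "%s-%d", name, id);
    return n < 0 || (size_t)n >= size;
}

int main(void)
{
    char out[8];
    printf("strncpy terminated: %d\n", strncpy_terminates("domain-0"));
    printf("strlcpy truncated:  %d\n", strlcpy_truncated("domain-0", out, sizeof(out)));
    printf("snprintf truncated: %d\n", snprintf_truncated(out, sizeof(out), "vcpu", 1234));
    return 0;
}
```

Both bounded calls leave a terminated string in the buffer and report truncation through their return value, which is the check callers should keep when converting existing sprintf/strncpy uses.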