From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.33) id 1Bc8cz-0004ys-TE for qemu-devel@nongnu.org; Sun, 20 Jun 2004 16:09:22 -0400 Received: from exim by lists.gnu.org with spam-scanned (Exim 4.33) id 1Bc8cy-0004y6-6v for qemu-devel@nongnu.org; Sun, 20 Jun 2004 16:09:21 -0400 Received: from [199.232.76.173] (helo=monty-python.gnu.org) by lists.gnu.org with esmtp (Exim 4.33) id 1Bc8cy-0004xw-0X for qemu-devel@nongnu.org; Sun, 20 Jun 2004 16:09:20 -0400 Received: from [80.91.224.249] (helo=main.gmane.org) by monty-python.gnu.org with esmtp (Exim 4.34) id 1Bc8bO-0006mn-RX for qemu-devel@nongnu.org; Sun, 20 Jun 2004 16:07:43 -0400 Received: from list by main.gmane.org with local (Exim 3.35 #1 (Debian)) id 1Bc8bN-0000i1-00 for ; Sun, 20 Jun 2004 22:07:41 +0200 Received: from dyn-83-157-70-117.ppp.tiscali.fr ([83.157.70.117]) by main.gmane.org with esmtp (Gmexim 0.1 (Debian)) id 1AlnuQ-0007hv-00 for ; Sun, 20 Jun 2004 22:07:41 +0200 Received: from gmane by dyn-83-157-70-117.ppp.tiscali.fr with local (Gmexim 0.1 (Debian)) id 1AlnuQ-0007hv-00 for ; Sun, 20 Jun 2004 22:07:41 +0200 From: "Charlie Gordon" Date: Sun, 20 Jun 2004 22:10:02 +0200 Message-ID: References: <20040619150514.GB1962@sentinelchicken.org> <20040620192652.GA1927@sentinelchicken.org> Sender: news Subject: [Qemu-devel] Re: Re: [PATCH] security_20040618 Reply-To: qemu-devel@nongnu.org List-Id: qemu-devel.nongnu.org List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: qemu-devel@nongnu.org > Based on comments received thus far, including yours, I am reviewing > that section of code (as I mentioned above), and will be releasing a new > revision of the patch in a day or two. I admit, I am not a perfect > programmer. I am merely trying to help out by fixing the tiny problems > that are often missed by programmers that have more important things to > worry about. I appreciate it when people show me where I am wrong, but > could you please keep your criticism a bit more constructive? Sorry if I sounded a bit harsh, I'm sure every contribution is appreciated, and your submitting patches is more helpful than my criticizing them... I merely wanted to emphasize how broken strncpy is and how much more useful pstrcpy is. My suggestion on qemu_strdup is imho constructive :-) and about the only reason this is not completely off topic ;-) But as far as strnpy is concerned, I *want* to be destructive : this C library function is a mess, it doesn't do what most C programmers believe. It causes bugs, or blatant inefficiencies due to the inept null padding on large buffers. It is so unlikely that the precise behaviour of that horrible thing be what is needed in any C program... There are quite a few problems around uses of this function even in gnu software or the linux kernel. There are other candidates for libc functions every programmer should reject disgruntedly : sprintf, gets, strtok, mktemp, tmpnam, tempnam... or any of the C library functions duly tagged in the man pages as never to be used Similarly, extreme care is needed in do/while loops... Charlie the C teaser. --------------------- one of my favorite Q/As : what is wrong with : enum BOOL { FALSE=0, TRUE=1 }; ?