[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: CVS update: subversion/subversion/tests/xml pipatch.xml

From: Greg Stein <gstein_at_lyra.org>
Date: 2001-02-17 23:06:19 CET

On Sat, Feb 17, 2001 at 06:08:13PM -0000, cmpilato@tigris.org wrote:
> 4. Uses of fixed-length char buffers which, while likely to be of
> safe size, would be better handled as dynamically allocated
> buffers of *always* safe size.

Careful, there.

Actually, I said/meant(?) "if a fixed-length buffer is going to be copied
into allocated memory, then you may as well avoid the fixed-length buffer in
the first place [and use svn_string_createf or apr_psprintf or whatever]".

I don't want to advocate tossing *all* fixed length buffers. But if the
contents of that buffer are going to end up in a pool, then (IMO) it *is*
best to remove them. Their presence simply raises a yellow flag (re: buffer
overruns) and impedes quick/easy review of the security.

That said: excellent checkin! My little mind is feeling very hobgoblinish.
Oh wait. Now how does that go? Hobgoblins have little minds? um....


Greg Stein, http://www.lyra.org/
Received on Sat Oct 21 14:36:22 2006

This is an archived mail posted to the Subversion Dev mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.