Re: CVS update: subversion/subversion/tests/xml pipatch.xml

From: Greg Stein <gstein_at_lyra.org>
Date: 2001-02-17 23:06:19 CET

On Sat, Feb 17, 2001 at 06:08:13PM -0000, cmpilato@tigris.org wrote:
>...
> 4. Uses of fixed-length char buffers which, while likely to be of
> safe size, would be better handled as dynamically allocated
> buffers of *always* safe size.

Careful, there.

Actually, I said/meant(?) "if a fixed-length buffer is going to be copied
into allocated memory, then you may as well avoid the fixed-length buffer in
the first place [and use svn_string_createf or apr_psprintf or whatever]".

I don't want to advocate tossing *all* fixed length buffers. But if the
contents of that buffer are going to end up in a pool, then (IMO) it *is*
best to remove them. Their presence simply raises a yellow flag (re: buffer
overruns) and impedes quick/easy review of the security.

That said: excellent checkin! My little mind is feeling very hobgoblinish.
Oh wait. Now how does that go? Hobgoblins have little minds? um....

Cheers,
-g

-- 
Greg Stein, http://www.lyra.org/

Received on Sat Oct 21 14:36:22 2006

This message: [ Message body ]
Next message: Greg Stein: "APR_HASH_KEY_STRING (was: Re: CVS update: subversion/subversion/tests/xml pipatch.xml)"
Previous message: Greg Stein: "Re: CVS update: subversion/subversion/libsvn_client ra_loader.c"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]