-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 According to Bruno Haible on 4/24/2006 6:12 AM: > Paul Eggert wrote on 2006-03-10: >> I recently redisovered the fact that asctime_r and ctime_r, like >> asctime and ctime, are unsafe functions in the same sense that gets is >> unsafe: they can overrun their output buffers and there's no simple >> way for the user to detect in advance whether this will happen. So >> GNU apps shouldn't use these functions, and I propose that we remove >> these function emulations from gnulib, as follows. Any objections? > > Unlike gets() and the termcap functions, these functions don't need a buffer > of arbitrary size. Only the initially specified size was too small. The > functions would be OK to use in GNU programs if a buffer of size 100 was > used rather than a buffer of size 26, no?
That would work to avoid overflow, but then you are wasting buffer space in the majority of usage patterns. Besides, as the Austin group has remarked, asctime_r and ctime_r also suffer from the fact that they do not honor i18n, and have proposed to obsolete them in the next version of POSIX even though they are still standardized by C99. So you are better off teaching programmers the mindset of using strftime anyways, even if buffer overflow can be avoided with asctime or ctime. - -- Life is short - so eat dessert first! Eric Blake [EMAIL PROTECTED] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2.1 (Cygwin) Comment: Public key at home.comcast.net/~ericblake/eblake.gpg Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFETMYA84KuGfSFAYARAqimAJwJcwigiN7otc2XlQjnm31+a6IppQCg0+jN MNhfxM+sEyBOwk+3QR1IWJ4= =hvZm -----END PGP SIGNATURE-----
