On Sat, Nov 17, 2012 at 05:25:35PM -0500, Michael Gilbert wrote:
> I've just reviewed this, and it looks mostly good. I did notice
> things like the following:
>
> + FILE *f;
> ++ char path[1024];
> ++ sprintf(path, "%s/%s", getenv("HOME"), ".etw/etw.cfg" );
> + D(bug("Reading configuration...\n"/*-*/));
>
> Note that a hardcoded 1024 isn't very portable. C defines PATH_MAX
> for this purpose. Please use that instead.1024 is more portable than PATH_MAX... This define should have died a couple of decades ago, and it's kept only for compat purposes. If you use it, you'll get a FTBFS on Hurd, as they decided to force the issue and get rid of the blighter. You can sometimes get suggestions to use pathconf(_PC_PATH_MAX), which is even worse, as you'd be dynamically allocating a static buffer. And obviously, the code above has a buffer overflow, no matter if you use 1024 bytes or PATH_MAX. You'd want asprintf() or an equivalent. -- How to squander your resources: those silly Swedes have a sauce named "hovmästarsås", the best thing ever to put on cheese, yet they waste it solely on mere salmon.
signature.asc
Description: Digital signature
