> Since, as you point out, this may be a lot of work, I think we should > try to split the work across several devs...
Yes please, I am beyond burn-out lately... > To do that, we'd grep for all uses of asprintf() to find out which > files use it and post that list in reply to this email. I can do that. Apart from asprintf() and vasprintf(), is anyone aware of any other similarly suspicious functions to check? > In my opinion asprintf should set the pointer to NULL, to be safe. > But the calling code should probably be changed as well, because it is > not a good coding example for portability. I'm sceptical about this. Setting the pointer to NULL seems more safe, but also it is a change in functionality! Consider the following example: char * msg = "Error message"; asprintf(&msg, "format string", args...); Based on the current functionality, I can directly use msg without any error checking, as it will always be valid. (Either due to its initialization, or due to a successful asprintf). Indeed, this seems like a not-so-great piece of code, but I don't know whether this approach is used anywhere in NuttX (or in user code). On Wed, Mar 29, 2023 at 3:28 AM Tomek CEDRO <to...@cedro.info> wrote: > On Wed, Mar 29, 2023 at 2:14 AM Bernd Walter wrote: > > I think I should open up a ticket for FreeBSD to extend this part in the > manpage. > > Sounds like a trap - I often just look into the FreeBSD manpages, since > this > > is what my desktop runs. > > greetings from a FBSD station to a fellow daemon :-) :-) > > -- > CeDeROM, SQ7MHZ, http://www.tomek.cedro.info >