> In this case, I /know/ that string > b is properly terminated (because I wrote it into the code). So I use > the length of b to compare with a and l = strlen(b). There are other > ways, too, but this was the most unobtrusive way to handle this case.
Huh ... but strcmp will stop comparing at the end of any of the two strings anyway. So I don't see how this: ( https://github.com/gnuradio/gnuradio/commit/c1e91f0200a58a6cb24d1de9422f1a6e2483fc2c ) - if (strcmp (name, all[i]->name ()) == 0){ + if (strncmp (name, all[i]->name(), strlen(all[i]->name())) == 0){ would provide any more safety again "bad" user strings. The only difference this code will make is that now "all[i]->name()" only needs to be a _prefix_ to "name" rather than a full length match. (which may very well fix the original issue but doesn't do much about "unsafe non null terminated strings") Cheers, Sylvain _______________________________________________ Discuss-gnuradio mailing list Discuss-gnuradio@gnu.org https://lists.gnu.org/mailman/listinfo/discuss-gnuradio
