On Fri, Mar 14, 2014 at 12:49:09PM -0700, Claus Assmann wrote:
> On Fri, Mar 14, 2014, Derek Martin wrote:
>
> > Unfortunately, sometimes when old code is updated, the maintainer
> > forgets to re-check that everything is copacetic. This can still
> > happen with the "safe" versions of all these functions too.
>
> Sure, but those functions significantly reduce the risk.

In general, sure... but in any particular program, not necessarily. It depends on how they're used. It depends on what errors the programmer is inclined to make. And it depends on how the data they are passed gets initialized. Also, as you saw if you looked into Moritz's message, it's not always possible to replace the "unsafe" function with the "safe" one, so it depends on that as well.

There's also the practical to consider: If you have a moderately large base of old code that's known to work, that gets updated only infrequently, it's probably not worth spending the time to change the code in every conceivable place to update it to current coding standards. Such a change itself creates many opportunities to introduce new bugs, which will of course need to be discovered, debugged, and fixed. If the code is pretty stable (as Mutt has proven to be) it's very likely far less work to leave the code alone and fix the few bugs that come up in the course of making needed changes, than to make sweeping changes that don't affect the functionality at all.

Though, perhaps you can find someone who wants to do that work and is committed to finding and testing every possible code path that may change as a result. Coding is easy/fun/interesting; testing sucks.

-- 
Derek D. Martin
http://www.pizzashack.org/
GPG Key ID: 0xDFBEAD02
-=-=-=-=-
This message is posted from an invalid address. Replying to it will result in undeliverable mail due to spam prevention. Sorry for the inconvenience.