On 7 June 2012 09:13, Markus Armbruster <arm...@redhat.com> wrote:
> Peter Maydell <peter.mayd...@linaro.org> writes:
>> I think it matters in the general case, yours is just the first
>> usage of this API which has caught my attention. We should fix
>> the API before adding more uses of it (at the moment it seems to
>> be only used in two places).
>
> What kind of fix do you have in mind?

Option 1: the function should guarantee that it won't ever use more
than X bytes of buffer, and provide a #define that corresponds to
that maximum length.

Option 2: this:
vv
>> Alternatively, we could have the function return a const char* rather
>> than taking a buffer to be filled in.
>
> Trades the theoretical string truncation problem for a theoretical
> dangling pointer problem.

Yes, you'd need to come up with some reasonable lifecycle management
if you took this option.

-- PMM