> On January 8, 2016 at 6:32 PM P J P <ppan...@redhat.com> wrote: > > > +-- On Fri, 8 Jan 2016, Wolfgang Bumiller wrote --+ > | On Fri, Jan 08, 2016 at 07:29:31PM +0530, P J P wrote: > | > + if (!strncmp(keyname_buf, "<-", 2)) > | > and remove the 'keyname_len' altogether. > | > | This wouldn't catch '<' without '-'. (`sendkey <`) > | Also, strncmp with a length of 1 (in the original) seems weird. > > Ah, true. > > | keyname_len is not useless and perhaps it would be best to just do an > | early error check there as I do below. > | > | Alternatively the if() can simply happen after pstrcpy() as a cut-off > | error should be good enough anyway. > | > | @@ -1749,6 +1749,9 @@ void hmp_sendkey(Monitor *mon, const QDict *qdict) > | while (1) { > | separator = strchr(keys, '-'); > | keyname_len = separator ? separator - keys : strlen(keys); > | + if (keyname_len >= sizeof(keyname_buf)) > | + goto err_out; > | + > | pstrcpy(keyname_buf, sizeof(keyname_buf), keys); > > Yes, this looks good. With that, maybe 'keyname_len' could be sent to > pstrcpy() above, instead of sizeof(keyname_buf)? If so, then the subsequent if > > could say: if (!strcmp(keyname_buf, "<")).
keyname_len+1 (size instead of length) to include the \0, then yes I think strcmp can be used this way. The +1 should be fine there (since >= covers it).
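Review bot: The unchanged pstrcpy() call directly after the new check still passes sizeof(keyname_buf), so for input containing a '-' separator it copies text past the separator into keyname_buf and depends on code outside this hunk to cut the name at keyname_len. Since the added check guarantees keyname_len < sizeof(keyname_buf), passing keyname_len + 1 as the size, as proposed in the thread, would end the copy at the key name and let the later comparison be a plain strcmp() against "<". The added if also has no braces around goto err_out; adding them keeps a later edit from silently extending the single-statement body.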
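The length-versus-size point in this exchange, as an added example that is not code from the thread or the project: `bounded_copy` is a stand-in assumed to behave like pstrcpy() (copies at most size-1 bytes, always terminates), and `parse_keys`, the 16-byte buffer and the return values are hypothetical.

```c
#include <stddef.h>
#include <string.h>

/* Stand-in for the thread's pstrcpy(): assumed to copy at most size-1
 * bytes and always NUL-terminate. Not the project's code. */
static void bounded_copy(char *buf, size_t size, const char *str)
{
    size_t i = 0;
    if (size == 0) {
        return;
    }
    for (; i + 1 < size && str[i] != '\0'; i++) {
        buf[i] = str[i];
    }
    buf[i] = '\0';
}

/* Splits a '-'-separated key list via a 16-byte buffer (assumed size).
 * Returns the key count or -1 if a name does not fit; flags a bare "<". */
int parse_keys(const char *keys, int *saw_less)
{
    char keyname_buf[16];
    int count = 0;
    *saw_less = 0;
    while (1) {
        const char *separator = strchr(keys, '-');
        size_t keyname_len = separator ? (size_t)(separator - keys) : strlen(keys);
        /* Length check: sizeof-1 bytes still leave room for the \0. */
        if (keyname_len >= sizeof(keyname_buf)) {
            return -1;
        }
        /* Size = length + 1, so the copy stops before the separator. */
        bounded_copy(keyname_buf, keyname_len + 1, keys);
        if (!strcmp(keyname_buf, "<")) {
            *saw_less = 1;
        }
        count++;
        if (!separator) {
            return count;
        }
        keys = separator + 1;
    }
}

int main(void)
{
    int less;
    return (parse_keys("ctrl-alt-<", &less) == 3 && less) ? 0 : 1;
}
```

Because the copy is cut at the key name, an exact strcmp() distinguishes `<` from a name that merely starts with `<`, which a one-byte strncmp() would not.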