Re: [Libcdio-devel] Request for Comments: converting libcdio-paranoia C style - which "standard" to use?

2024-05-27 Thread Rocky Bernstein
Libcdio paranoia has been updated as a one-shot conversion to more closely
match LLVM C code style. See
https://github.com/rocky/libcdio-paranoia/pull/44 for the changes.

If you have comments or concerns, let me know.

On Fri, May 17, 2024 at 1:01 PM Rocky Bernstein wrote:

> Sorry for the delayed reply.
>
> Basically I guess I'll use the LLVM C code style since no one has a
> preference and that style seems detailed and specific enough. And the
> formatter is by the same folks, so conformance is probably pretty good.
>
> I plan on doing this as a one shot and only on libcdio paranoia which is
> pretty small. It can live in a branch for a little while too.
>
> I don't see any forced dependencies. While in Python projects there are
> commit hooks that do the formatting, here I don't plan on anything.
> Initially it can be done as a one-shot with no strong requirement of it
> hampering development.
>
> On Mon, May 13, 2024 at 3:47 PM  wrote:
>
>> Rocky Bernstein:
>> ...
>> > For example:
>> >
>> >   for(;endA> > > if(buffA[endA]!=buffB[endB])break;
>>
>> Perfectly readable though a little cramped.
>>
>> [ about clang-format etc. ]
>> > First, any thoughts or comments on this?  Any thoughts on which of the many
>> > C "standard" styles to use? (The great thing about Standards is that there
>> > are so many to choose from!)
>> ...
>>
>>  Not that I have any say in this...
>> It is fine to define a coding style for check-in time, but don't force
>> people to work in that format. Just provide an indent- or clang-format
>> formula to be used before check-in time. Specify it and be done.
>> Do not require any extra dependencies just for the style.
>>
>
> As I mentioned above, initially I'll do this as a one-shot thing. I think
> it is cool to add a mechanism for an *optional* commit hook (in Python,
> pre-commit does this); I will leave that for others to do if there is a
> desire.
>
>
>
>>
>> Regards,
>> /Karl Hammar
>>
>>
>>


[Libcdio-devel] RFC: vulnerability patches (Was: Vulnerable use of strcpy in iso9660_fs.c)

2024-05-27 Thread Rocky Bernstein
In the mansour-gashabi-patch branch of libcdio are some small changes to
the code to reduce some weaknesses in the libcdio code base.

I'd appreciate it if folks would review these changes. If you have problems
seeing the differences, just let me know.

If there is no comment or concern raised about these, then after about a
week, I will merge this in master.

Attached is a more detailed report that Mansour Gashabi produced in
scanning the code for weaknesses.

Thanks.
- Rocky

On Thu, Apr 4, 2024 at 6:51 PM Rocky Bernstein wrote:

> I just received a report about a place in libiso9660 where we use
> strcpy() instead of strncpy().
>
> If someone has a suggestion for how to fix, please let me know. I can send
> a more detailed report for those interested. Just email me.
>


ALERT.pdf
Description: Adobe PDF document