On Wed, Mar 29, 2023 at 5:02 AM Fotis Panagiotopoulos
wrote:
> > In my opinion asprintf should set the pointer to NULL, to be safe.
> > But the calling code should probably be changed as well, because it is
> > not a good coding example for portability.
>
> I'm sceptical about this.
> Setting the
strdup() is much better used. Its functionality is simpler, and its
behavior much better understood by most people.
There are only two places with a strdup without checking the result:
gs2200m.c, line 3503
nxffs_pack.c, line 1092
Either the original author forgot it, or it doesn't matter?
There
> strdup?
Thanks, I will check this too.
I went through all the asprintf calls in the list.
These are the ones that actually need to be fixed.
Everything else is properly checked.
drivers/net/telnet.c
698: ret = asprintf(&devpath, TELNET_DEVFMT, priv->td_minor);
libs/libc/uuid/lib_uuid_to_
I can do that. Apart from asprintf() and vasprintf(), is anyone aware of
any other similarly suspicious functions to check?
strdup?
Dear Apache Project Management Committee (PMC) members,
The Board wants to take just a moment of your time to communicate a few
things that seem to have been forgotten by a number of PMC members,
across the Foundation, over the past few years. Please note that this
is being sent to all projects -
Using ack, these are all uses of asprintf():
drivers/net/telnet.c
698: ret = asprintf(&devpath, TELNET_DEVFMT, priv->td_minor);
libs/libc/uuid/lib_uuid_to_string.c
66: c = asprintf(s,
libs/libc/stdio/lib_tempnam.c
78: asprintf(&template, "%s/%s-XX", dir, pfx);
tools/initialconfig.c
4
> Since, as you point out, this may be a lot of work, I think we should
> try to split the work across several devs...
Yes please, I am beyond burn-out lately...
> To do that, we'd grep for all uses of asprintf() to find out which
> files use it and post that list in reply to this email.
I can d
