> Since, as you point out, this may be a lot of work, I think we should
> try to split the work across several devs...
Yes please, I am beyond burn-out lately...
> To do that, we'd grep for all uses of asprintf() to find out which
> files use it and post that list in reply to this email.
I can d
Using ack, these are all uses of asprintf():
drivers/net/telnet.c
698: ret = asprintf(&devpath, TELNET_DEVFMT, priv->td_minor);
libs/libc/uuid/lib_uuid_to_string.c
66: c = asprintf(s,
libs/libc/stdio/lib_tempnam.c
78: asprintf(&template, "%s/%s-XX", dir, pfx);
tools/initialconfig.c
4
Dear Apache Project Management Committee (PMC) members,
The Board wants to take just a moment of your time to communicate a few
things that seem to have been forgotten by a number of PMC members,
across the Foundation, over the past few years. Please note that this
is being sent to all projects -
I can do that. Apart from asprintf() and vasprintf(), is anyone aware of
any other similarly suspicious functions to check?
strdup?
> strdup?
Thanks, I will check this too.
I went through all the asprintf calls in the list.
These are the ones that actually need to be fixed.
Everything else is properly checked.
drivers/net/telnet.c
698: ret = asprintf(&devpath, TELNET_DEVFMT, priv->td_minor);
libs/libc/uuid/lib_uuid_to_
strdup() is much better used. Its functionality is simpler, and its
behavior much better understood by most people.
There are only two places with a strdup without checking the result:
gs2200m.c, line 3503
nxffs_pack.c, line 1092
Either the original author forgot it, or it doesn't matter?
There
On Wed, Mar 29, 2023 at 5:02 AM Fotis Panagiotopoulos
wrote:
> > In my opinion asprintf should set the pointer to NULL, to be safe.
> > But the calling code should probably be changed as well, because it is
> > not a good coding example for portability.
>
> I'm sceptical about this.
> Setting the