Pascal Stumpf writes: > I believe I found two types of problems in this patch: > > - mkstemp(tmpMakefile); > + int ret = mkstemp(tmpMakefile); > + (void) ret; > > Why not (void)mkstemp(...)? But this should really actually *do* > something with the return value and handle the error condition.
I tried the simple (void)mkstemp at first. But it doesn't work with some older gcc compilers. So I've choosen a solution which always works. > - strcpy(ptr, name->sysname); > + strncpy(ptr, name->sysname, SYS_NMLN); > > strncpy() does not guarantee NUL-termination if sizeof(dst) == > sizeof(src). I believe these should be replaced by strlcpy. A portable > copy can be included for operating systems that don't have it in libc. In principle it's ok for me to use strlcpy and strlcat. But unfortunately they are not available in glibc for Linux. So the question is: Do we want to rely on an additional library (libbsd?) and is it available for all supported Linux distributions. In any case it should be another patch because there are much more strcpy and strcat functions than I've changed. > Also, the write_xxx_params() functions in dtappbuilder definitely need > more work. I'm pretty sure X11 includes aren't in /X11/include on most > systems nowadays, and OpenBSD surely will not install CDE libraries into > /usr/dt/lib. Well, the whole dtappbuilder needs more work. For the fixed paths I can say that I have another patch in preparation. It will replace all remaining occurrences of /usr/dt, /var/dt and /etc/dt in CDE with appropriate macros. But for this patch I wanted to concentrate on some of the warnings. ------------------------------------------------------------------------------ Meet PCI DSS 3.0 Compliance Requirements with EventLog Analyzer Achieve PCI DSS 3.0 Compliant Status with Out-of-the-box PCI DSS Reports Are you Audit-Ready for PCI DSS 3.0 Compliance? Download White paper Comply to PCI DSS 3.0 Requirement 10 and 11.5 with EventLog Analyzer http://pubads.g.doubleclick.net/gampad/clk?id=154622311&iu=/4140/ostg.clktrk _______________________________________________ cdesktopenv-devel mailing list cdesktopenv-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/cdesktopenv-devel
