On Wed, 21 Sep 2016 09:21:42 -0300 Gustavo Sverzut Barbieri
<barbi...@gmail.com> said:

> On Wed, Sep 21, 2016 at 3:04 AM, ChunEon Park <her...@hermet.pe.kr> wrote:
> > hermet pushed a commit to branch master.
> >
> > http://git.enlightenment.org/core/efl.git/commit/?id=06bd8dcf330fe31891475c92aa340d4886f47e2b
> >
> > commit 06bd8dcf330fe31891475c92aa340d4886f47e2b
> > Author: Hermet Park <her...@hermet.pe.kr>
> > Date:   Wed Sep 21 15:03:11 2016 +0900
> >
> >     edje edje_embryo: use strncpy().
> >
> >     This change is not meaningful but avoids an annoying coverity detection.
> > ---
> >  src/lib/edje/edje_embryo.c | 7 +++----
> >  1 file changed, 3 insertions(+), 4 deletions(-)
> >
> > diff --git a/src/lib/edje/edje_embryo.c b/src/lib/edje/edje_embryo.c
> > index bb46310..c09c3ff 100644
> > --- a/src/lib/edje/edje_embryo.c
> > +++ b/src/lib/edje/edje_embryo.c
> > @@ -1553,10 +1553,9 @@ _edje_embryo_fn_get_text(Embryo_Program *ep,
> > Embryo_Cell *params) }
> >          else
> >            {
> > -             char *ss;
> > -
> > -             ss = alloca(strlen(s) + 1);
> > -             strcpy(ss, s);
> > +             int size = strlen(s) + 1;
> > +             char *ss = alloca(size);
> > +             strncpy(ss, s, size);
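
Review bot: In the else branch, `int size = strlen(s) + 1;` narrows a size_t to int and then passes it as the bound of `strncpy(ss, s, size)`, so the bound is derived from the source string rather than from an independent destination size. The call therefore copies exactly the bytes the old strcpy() did, terminator included, and adds no limit the code did not already have. Declare `size` as size_t, and if the copy is kept in this form, `memcpy(ss, s, size)` states the intent directly. The alloca() length is still driven by strlen(s), which is the part worth a length check if s can be large.
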
> 
> 
> strlcpy(), but really, just dismiss this one in coverity... is it
> dumb? We're alloca(strlen(s) + 1), how would it fail the size?
> 
> alternatively you can replace this with memcpy(ss, s, size), at least
> it's faster.

indeed. same here. dismiss such issues. just look at the code. the buffer is
the correct len. in fact size is wrong. it should be size - 1 or otherwise you
may get a non-0 byte terminated string... in fact it also is missing FORCING a
0 byte termination... so the code got no safer, but if you are going to be
paranoid, now you look at the code and go "well it's EXPECTING the string to
possibly not fit with strncpy .. but it isnt ensuring the 0 byte termination!".

so the code actually became worse. before it was simple. the expectation it'd
fit was correct. it didnt need to do more. :)

-- 
------------- Codito, ergo sum - "I code, therefore I am" --------------
The Rasterman (Carsten Haitzler)    ras...@rasterman.com
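
The strncpy() termination behaviour this thread turns on, shown as an added example that is not part of the original message or of the EFL code. The helper names `strncpy_terminates` and `copy_terminated` and the sample strings are hypothetical, constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Runs strncpy(buf, src, n) into a poisoned buffer and reports whether a
 * 0 byte ended up inside the first n bytes. Returns -1 for unusable n. */
static int strncpy_terminates(const char *src, size_t n)
{
    char buf[64];

    if (n == 0 || n > sizeof(buf)) return -1;
    memset(buf, 'X', sizeof(buf));   /* poison: a missing terminator is visible */
    strncpy(buf, src, n);
    return memchr(buf, '\0', n) != NULL;
}

/* Bounded copy that always terminates dst. The bound is the destination
 * size, not the source length. Returns 1 if src was truncated, else 0. */
static int copy_terminated(char *dst, size_t dstsize, const char *src)
{
    size_t len;

    if (dstsize == 0) return 1;
    len = strlen(src);
    if (len >= dstsize) {
        memcpy(dst, src, dstsize - 1);
        dst[dstsize - 1] = '\0';     /* force the terminator on truncation */
        return 1;
    }
    memcpy(dst, src, len + 1);       /* fits: copy the terminator too */
    return 0;
}

int main(void)
{
    const char *s = "hello";         /* constructed sample, strlen == 5 */
    char small[4];
    int truncated;

    printf("n = strlen+1 terminated: %d\n", strncpy_terminates(s, strlen(s) + 1));
    printf("n = strlen   terminated: %d\n", strncpy_terminates(s, strlen(s)));
    truncated = copy_terminated(small, sizeof(small), s);
    printf("copy_terminated -> \"%s\" (truncated=%d)\n", small, truncated);
    return 0;
}
```
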

