On Mon, May 18, 2026 at 01:03:29PM +0200, Alejandro Colomar via Mutt-dev wrote:
+  mailbox = safe_malloc(mutt_strlen(utf8_user) + mutt_strlen(utf8_domain) + 2);
+  sprintf(mailbox, "%s@%s", NONULL(utf8_user), NONULL(utf8_domain)); /* 
__SPRINTF_CHECKED__ */
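Review bot: the `+ 2` in the safe_malloc() size is a hand-counted allowance for the '@' and the terminating NUL, and nothing ties it to the "%s@%s" format on the following line, so a later change to the format string can silently undersize the buffer. The size is also computed with mutt_strlen() on the raw pointers while sprintf() is fed NONULL() values; the two agree only if mutt_strlen() returns 0 for a NULL pointer. Suggest a short comment stating what the 2 covers, or a formatting call that derives the size from the format itself.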

Should we use an sprintf(3) variant that allocates itself?  That could
simplify this to:

        mailbox = aprintf("%s@%s", NONULL(utf8_user), NONULL(utf8_domain));
        if (mailbox == NULL)
                goto fail;

Hi Alex,

Actually sprintf() usage in mutt is pretty rare. The check_sec.sh script scans for it and requires an explicit comment for it to be allowed.

The only reason I used it in this case is because it's used in the other two conversion functions in mutt_idna.c, and as I mentioned, I modelled this one off of those for consistency and ease of understanding.

There is a safe_asprintf() equivalent in the mutt codebase in safe_asprintf.c, but surprisingly it's only used in four places in the code!

I could change it here, but then I should probably change it in the
other two functions to match.  If you'd like I can make a separate patch
to change it in all three places.

--
Kevin J. McCarthy
GPG Fingerprint: 8975 A9B3 3AA3 7910 385C  5308 ADEF 7684 8031 6BDA
