John Darrington <[email protected]> writes:

> Regarding Jason's latest commit to master, ("Merged changes from
> branch interaction-review"):
>
> I get nervous when I see memcpy used, because:
>
> 1) Its use of void * arguments circumvents type checking.
> 2) It offers no protection against buffer overflow.
>
> The patch below fixes the first problem (you'll have to re-run make -f Smake).

I don't mind using a function that provides more type-checking, but
for that purpose u8_cpy() is a better choice than u8_strncpy(), since
it has less overhead. It also won't stop at a null byte, which
matches the behavior of most of our current code. (It might make
sense to change that behavior, but I would want to do it as a
conscious choice all at one time, not accidentally bit by bit, if
possible.)

> Regarding the second problem, (specifically, I can't see anything to ensure
> that result->val will be large enough to contain the concatenated string)
> I suggest an assertion similar to assert (offset < val_width);

result->val should be large enough because it should have been
created by interaction_variable_create(), which sums up the widths of
the values that are to be concatenated.

-- 
Ben Pfaff
http://benpfaff.org
_______________________________________________
pspp-dev mailing list
[email protected]
http://lists.gnu.org/mailman/listinfo/pspp-dev
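The two points in the exchange above (a typed copy that does not stop at a null byte, and a result buffer as wide as the sum of the concatenated values) as an added example; this is not code from PSPP or from the patch under discussion. typed_cpy, struct value, concat_values, strncpy_keeps_all and the sample bytes are hypothetical names and constructed data, and the fit check is made before each copy.

```c
#include <assert.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical stand-in for a typed copy such as u8_cpy(): uint8_t * arguments
   are type-checked; exactly n units are copied, null bytes included. */
static void typed_cpy(uint8_t *dest, const uint8_t *src, size_t n)
{
    memcpy(dest, src, n);
}

struct value { const uint8_t *data; size_t width; };  /* constructed type */

/* Constructed sample: the first value has an embedded null byte. */
static const uint8_t A[4] = { 'a', 0, 'b', ' ' };
static const uint8_t B[3] = { 'x', 'y', 'z' };
static const struct value SAMPLE[2] = { { A, 4 }, { B, 3 } };

/* Concatenate into result (val_width bytes). Returns the bytes written, or
   (size_t)-1 when a value would not fit, checked before each copy. */
size_t concat_values(uint8_t *result, size_t val_width,
                     const struct value *vals, size_t n)
{
    size_t offset = 0;
    for (size_t i = 0; i < n; i++) {
        if (vals[i].width > val_width - offset)
            return (size_t)-1;
        typed_cpy(result + offset, vals[i].data, vals[i].width);
        offset += vals[i].width;
    }
    return offset;
}

/* 1 if a strncpy-style copy reproduces A exactly; it does not, because
   strncpy stops copying at the first null and zero-fills the rest. */
int strncpy_keeps_all(void)
{
    char out[sizeof A];
    strncpy(out, (const char *)A, sizeof out);
    return memcmp(out, A, sizeof A) == 0;
}

int main(void)
{
    uint8_t buf[7];   /* 4 + 3: the sum of the sample widths */
    assert(concat_values(buf, sizeof buf, SAMPLE, 2) == 7);
    assert(!strncpy_keeps_all());
    return 0;
}
```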
