* MC Ticket System <tick...@midnight-commander.org> wrote:

> 1. What about potential buffer overflow in execute_menu_command()
> (src/user.c:654)? User's input parameter is not length-limited.

It will simply get cut-off if it's larger than the buffer.
Or simply stay w/ the allocating variant at this point.

> 2. The static buffer is effective when you allocate and free some piece of
> memory very often, many (hundred or thousand) times per second. But
> name_quote() is called once in each place where it's called.

Maybe the saving is not that huge, but malloc()+free() add some
overhead and a chance of memleaks.

Even better would be utilizing alloca(), but that will involve
a bit of preprocessor-fu, e.g.:

    #define QUOTED_NAME(name,val) \
        char *name = alloca(strlen(val)*2+2); \
        __name_quote_buf(name, val);

cu
-- 
---------------------------------------------------------------------
 Enrico Weigelt == metux IT service - http://www.metux.de/
---------------------------------------------------------------------
 Please visit the OpenSource QM Taskforce:
   http://wiki.metux.de/public/OpenSource_QM_Taskforce
 Patches / Fixes for a lot dozens of packages in dozens of versions:
   http://patches.metux.de/
---------------------------------------------------------------------
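The reply above says an over-long parameter "will simply get cut-off" in a fixed buffer. As an added example (not code from this thread or from mc; `quote_cut_off`, `quote_checked` and the `META` set are hypothetical names and values), this shows how cutting backslash-quoted text can leave a dangling escape character, next to a checked variant that reports failure instead.

```c
#include <stdio.h>
#include <string.h>

/* Constructed metacharacter set for this example, not mc's own list. */
static const char META[] = " \t\n\\\"'`$&|;<>()*?[]{}!#~";

/* "Simply cut off": bytes that do not fit are dropped (dstsize >= 1). */
static void quote_cut_off(char *dst, size_t dstsize, const char *src)
{
    size_t n = 0;
    for (; *src != '\0'; src++) {
        if (strchr(META, *src) && n + 1 < dstsize)
            dst[n++] = '\\';
        if (n + 1 < dstsize)
            dst[n++] = *src;
    }
    dst[n] = '\0';
}

/* Checked variant: returns the quoted length, or -1 (and an empty dst)
 * when the result does not fit, so the caller can refuse the command. */
static int quote_checked(char *dst, size_t dstsize, const char *src)
{
    size_t n = 0;
    if (dstsize == 0)
        return -1;
    for (; *src != '\0'; src++) {
        size_t need = strchr(META, *src) ? 2 : 1;
        if (n + need + 1 > dstsize) {   /* +1 keeps room for the NUL */
            dst[0] = '\0';
            return -1;
        }
        if (need == 2)
            dst[n++] = '\\';
        dst[n++] = *src;
    }
    dst[n] = '\0';
    return (int)n;
}

int main(void)
{
    char buf[4];
    quote_cut_off(buf, sizeof buf, "ab;");   /* constructed input */
    printf("cut off: [%s]\n", buf);          /* ends in a lone backslash */
    printf("checked: %d\n", quote_checked(buf, sizeof buf, "ab;"));
    return 0;
}
```

The same length check matters for the alloca() variant, since alloca() sized from input that is not length-limited can exhaust the stack.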