In some real-world code, I noticed a curious pattern: using the unsafe
string functions on function parameter arguments. This leads to
gets()-style unsafe APIs.
I've looked at how to implement a warning for this, and came up with the
attached patch. Do you think this makes sense?
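Added example, not part of the original thread or of the attached patch: a C sketch of the pattern the message above describes, an unbounded string function applied to a pointer parameter, next to a variant that takes the buffer size. All function names and the sample string are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample data standing in for input the callee does not control. */
static const char *SAMPLE_NAME = "a-name-longer-than-eight";

/* gets()-style API: dst is a bare pointer parameter, so the callee cannot
 * learn how large the caller's buffer is; strcpy() writes strlen(src) + 1
 * bytes regardless. Shown for contrast only, never called below. */
void fetch_name_unbounded(char *dst)
{
    strcpy(dst, SAMPLE_NAME);
}

/* Bounded form: the caller passes the capacity and the callee enforces it.
 * Returns 0 on success, -1 if the value plus terminator does not fit. */
int fetch_name_bounded(char *dst, size_t dstlen)
{
    size_t need = strlen(SAMPLE_NAME) + 1;

    if (dst == NULL || dstlen == 0)
        return -1;
    if (need > dstlen) {
        dst[0] = '\0';          /* leave a valid empty string on failure */
        return -1;
    }
    memcpy(dst, SAMPLE_NAME, need);
    return 0;
}

/* An 8-byte buffer is too small: the call must fail and not overflow. */
int demo_small_buffer(void)
{
    char small[8] = "x";
    int rc = fetch_name_bounded(small, sizeof small);
    return rc == -1 && small[0] == '\0';
}

/* A 64-byte buffer is large enough: the full string is copied. */
int demo_large_buffer(void)
{
    char large[64];
    int rc = fetch_name_bounded(large, sizeof large);
    return rc == 0 && strcmp(large, SAMPLE_NAME) == 0;
}

int main(void)
{
    printf("small ok: %d, large ok: %d\n", demo_small_buffer(), demo_large_buffer());
    return 0;
}
```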
On Fri, Aug 17, 2012 at 11:22 AM, Florian Weimer fwei...@redhat.com wrote:
In some real-world code, I noticed a curious pattern: using the unsafe
string functions on function parameter arguments. This leads to
gets()-style unsafe APIs.
I've looked at how to implement a warning for this, and
On 08/17/2012 09:15 PM, Gabriel Dos Reis wrote:
Hmm, I think it would help a little bit if you could expand on where exactly
the danger the patch is trying to prevent is, and what
does unbound parameter refer to or mean? (I don't know what
an unbound parameter is)
Sorry for being unclear. I