On 6 October 2015 at 17:41, Lubomir I. Ivanov <[email protected]> wrote: > On 6 October 2015 at 17:38, Dirk Hohndel <[email protected]> wrote: >> On Tue, Oct 06, 2015 at 01:10:17PM +0300, Lubomir I. Ivanov wrote: >>> +const char *system_default_filename(void) >>> +{ >>> + char filename[128] = { 0 }; >>> + if (!*filename) { >>> + const char *user = getenv("LOGNAME"); >>> + strcat(filename, user); >> >> You are copying a user provided string (environment variable LOGNAME) into >> a fixed length buffer... not a good plan :-) >> >> I'll fix that. >> > > linux.c also has the same, BTW. >
i see some instances of PATH_MAX / MAX_PATH in the code base and it won't be a bad idea to replace those as well at some point. lubomir -- _______________________________________________ subsurface mailing list [email protected] http://lists.subsurface-divelog.org/cgi-bin/mailman/listinfo/subsurface
