On Oct 24, 2009, at 3:03 PM, Jakub Zawadzki wrote:
> Code is ok, and works fine... But I've got 3 questions:
> 1/ There's ep_strdup_printf() function - shouldn't it be used in
> cases like it?
> (IMHO best way)
That would be the right choice...
...if info_str were used for something other than col_add_str().
However, in that *particular* case, it's not used for anything else,
so it should just use col_add_fstr() in each of the case statements.
(Oh, and not use check_col() any more; that's deprecated.)
> 2/ Why ep memory is used in first place, shouldn't be
> gchar info_str[200];
> used instead of
> gchar *info_str = ep_alloc(200); ?
Maybe the theory was that overflowing an ep_allocated buffer is better
than overflowing a stack buffer, but
1) it's g_snprintf, so you shouldn't *have* a buffer overflow
and
2) as long as you're ep_allocating it, you might as well use
ep_strdup_printf().
> 3/ 200 bytes buffer is overkill - shouldn't g_sprintf() be used?
> (if programmer make mistake in buffer size canary check will
> abort program)
I wouldn't vote for g_sprintf() - or any other flavor of sprintf(); I
don't want to rely on anything else to abort the program if you
overflow the buffer.
> or both 4 ways are ok, and there's no best one? :)
I think the base way to handle this *particular* case is to use
col_add_fstr().
___________________________________________________________________________
Sent via: Wireshark-dev mailing list <[email protected]>
Archives: http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
mailto:[email protected]?subject=unsubscribe
