[Midnight Commander] #1813: Static buffer version of name_quote()
Enrico Weigelt
weigelt at metux.de
Tue Nov 10 14:09:38 UTC 2009
* MC Ticket System <tickets at midnight-commander.org> wrote:
> 1. What about potential buffer overflow in execute_menu_command()
> (src/user.c:654)? User's input parameter is not length-limited.
It will simply get cut off if it's larger than the buffer.
Or simply stay w/ the allocating variant at this point.
> 2. The static buffer is effective when you allocate and free some piece of
> memory very often, many (hundred or thousand) times per second. But
> name_quote() is called once in each place where it's called.
Maybe the saving is not that huge, but malloc()+free() add
some overhead and a chance of memleaks.
Even better would be utilizing alloca(), but that will involve
a bit of preprocessor-fu, e.g.:
/* Declares a local char *name holding the quoted copy of val (stack-allocated). */
#define QUOTED_NAME(name,val) \
char *name = alloca(strlen(val)*2+2); \
__name_quote_buf(name,val);
cu
--
---------------------------------------------------------------------
Enrico Weigelt == metux IT service - http://www.metux.de/
---------------------------------------------------------------------
Please visit the OpenSource QM Taskforce:
http://wiki.metux.de/public/OpenSource_QM_Taskforce
Patches / Fixes for a lot dozens of packages in dozens of versions:
http://patches.metux.de/
---------------------------------------------------------------------
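The fixed-buffer trade-off raised in this thread (input that is cut off when it exceeds the buffer), as an added example that is not from the original message or from Midnight Commander's source: a bounded quoting routine that rejects oversized input instead of returning a truncated name. `quote_bounded`, its metacharacter set and the sample names are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper, not mc's name_quote(): backslash-escape shell
 * metacharacters from src into dst (capacity dstsize, NUL included).
 * Returns the quoted length, or -1 if the result does not fit. On failure
 * dst is set to "" so a cut-off name, which would refer to a different
 * file, can never reach the command line. */
static int quote_bounded(char *dst, size_t dstsize, const char *src)
{
    /* Assumed metacharacter set, chosen for this example. */
    static const char meta[] = " \t\n\\\"'`$&|;<>()[]{}*?!#~";
    size_t n = 0;

    if (dstsize == 0)
        return -1;
    for (; *src != '\0'; src++) {
        size_t need = strchr(meta, *src) ? 2 : 1;
        if (n + need + 1 > dstsize) {   /* +1 keeps room for the NUL */
            dst[0] = '\0';
            return -1;
        }
        if (need == 2)
            dst[n++] = '\\';
        dst[n++] = *src;
    }
    dst[n] = '\0';
    return (int)n;
}

int main(void)
{
    char buf[16];   /* deliberately small fixed buffer */
    /* Constructed sample names. */
    const char *names[] = { "notes.txt", "a b;c", "report $(date) final.txt" };

    for (size_t i = 0; i < sizeof names / sizeof names[0]; i++) {
        int r = quote_bounded(buf, sizeof buf, names[i]);
        printf("%-26s -> %s\n", names[i], r < 0 ? "(rejected: too long)" : buf);
    }
    return 0;
}
```

A caller that gets -1 can fall back to an allocating variant sized for the worst case of two bytes per input character plus the terminator.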