Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20130114212350.GX4468@port70.net>
Date: Mon, 14 Jan 2013 22:23:50 +0100
From: Szabolcs Nagy <nsz@...t70.net>
To: musl@...ts.openwall.com
Subject: Re: minor issues (found by cppcheck)

* Rich Felker <dalias@...ifal.cx> [2013-01-14 16:05:41 -0500]:
> On Mon, Jan 14, 2013 at 08:41:47PM +0100, Szabolcs Nagy wrote:
> > getmntent_r has a sscanf with %d,
> > it might make sense to limit the width
> 
> I think the error is irrelevant for %d unless we're talking about the
> theoretical UB for integer overflow, but that doesn't seem to be what
> this warning is about. Anyway, musl's scanf has well-defined overflow
> behavior.

i mean if there is a very long digit sequence in the input
it may make sense to fail early, eg use %11d and with a final
%n we could check if the input is read correctly

assuming we want to report failure on invalid input

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.