List:       kde-commits
Subject:    Re: kdeutils/klaptopdaemon [POSSIBLY UNSAFE]
From:       Lubos Lunak <l.lunak () suse ! cz>
Date:       2002-12-06 15:36:30

On Friday 06 of December 2002 16:21, Oswald Buddenhagen wrote:
> On Fri, Dec 06, 2002 at 04:12:16PM +0100, Lubos Lunak wrote:
> > but %s in scanf() without a size limit is simply baaaaad.
>
> yeah, the kernel could be attempting to crack your box. :))))
>
> >  	f = fopen("/proc/apm", "r");
> > +	s = fscanf(f, "%255s %d.%d %x %x %x %x %d%% %d %s\n",
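
Review bot: the final %s in this format string is still unbounded, so the width added to the first conversion leaves the last field able to overrun its destination; give it a width one less than its buffer size as well (for example %15s for a 16-byte buffer, a size assumed here because the buffer declaration is not shown). The %255s also requires the first destination to hold at least 256 bytes, and nothing in the quoted lines checks f for NULL after fopen() or compares s against the 10 expected conversions before the values are used.
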
>
> seriously, if you can prove that it's pointless to add additional safety,
> then don't bother to make the code less readable. maybe add a comment.

 I don't see how adding the maximum size there makes it less readable. Better 
be safe than sorry.

-- 
Lubos Lunak
KDE developer
---------------------------------------------------------------------
SuSE CR, s.r.o.  e-mail: l.lunak@suse.cz , l.lunak@kde.org
Drahobejlova 27  tel: +420 2 9654 2373
190 00 Praha 9   fax: +420 2 9654 2374
Czech Republic   http://www.suse.cz/
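
The point argued above, as an added example that is not part of the original message or of the klaptopdaemon code: every %s carries a width, the conversion count is checked, and a token cut off by its width is rejected. The struct, its field names, the 16-byte units buffer and the sample line are assumptions made for illustration.

```c
#include <ctype.h>
#include <stdio.h>

/* Field names are assumptions; the thread shows only the format string. */
struct apm_info {
    char driver[256];                 /* %255s: 255 chars + NUL */
    int bios_major, bios_minor;
    unsigned flags, ac, batt_status, batt_flag;
    int percent, time_left;
    char units[16];                   /* %15s: 15 chars + NUL */
};

/* Returns 0 on success, -1 on a malformed line or an over-long token. */
int parse_apm_line(const char *line, struct apm_info *out)
{
    int end = 0;
    int n = sscanf(line, "%255s %d.%d %x %x %x %x %d%% %d %15s%n",
                   out->driver, &out->bios_major, &out->bios_minor,
                   &out->flags, &out->ac, &out->batt_status,
                   &out->batt_flag, &out->percent, &out->time_left,
                   out->units, &end);
    if (n != 10)          /* all 10 conversions must succeed */
        return -1;
    /* If %15s stopped because of its width, non-space input remains. */
    if (line[end] != '\0' && !isspace((unsigned char)line[end]))
        return -1;
    return 0;
}

int main(void)
{
    /* Constructed sample in the style of a /proc/apm line. */
    const char *sample = "1.16 1.2 0x03 0x01 0x03 0x09 100% -1 ?\n";
    struct apm_info info;

    if (parse_apm_line(sample, &info) != 0) {
        fprintf(stderr, "unexpected /proc/apm format\n");
        return 1;
    }
    printf("driver %s, battery %d%%, units %s\n",
           info.driver, info.percent, info.units);
    return 0;
}
```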
