[prev in list] [next in list] [prev in thread] [next in thread]
List: kde-commits
Subject: Re: kdeutils/klaptopdaemon [POSSIBLY UNSAFE]
From: Lubos Lunak <l.lunak () suse ! cz>
Date: 2002-12-06 15:36:30
[Download RAW message or body]
On Friday 06 of December 2002 16:21, Oswald Buddenhagen wrote:
> On Fri, Dec 06, 2002 at 04:12:16PM +0100, Lubos Lunak wrote:
> > but %s in scanf() without a size limit is simply baaaaad.
>
> yeah, the kernel could be attempting to crack your box. :))))
>
> > f = fopen("/proc/apm", "r");
> > + s = fscanf(f, "%255s %d.%d %x %x %x %x %d%% %d %s\n",
>
> seriously, if you can prove that it's poinless to add additional safety,
> then don't bother to make the code less readable. maybe add a comment.
I don't see how adding the maximum size there makes it less readable. Better
be safe than sorry.
--
Lubos Lunak
KDE developer
---------------------------------------------------------------------
SuSE CR, s.r.o. e-mail: l.lunak@suse.cz , l.lunak@kde.org
Drahobejlova 27 tel: +420 2 9654 2373
190 00 Praha 9 fax: +420 2 9654 2374
Czech Republic http://www.suse.cz/
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic