You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@subversion.apache.org by Greg Stein <gs...@lyra.org> on 2001/02/17 22:06:19 UTC
Re: CVS update: subversion/subversion/tests/xml pipatch.xml
On Sat, Feb 17, 2001 at 06:08:13PM -0000, cmpilato@tigris.org wrote:
>...
> 4. Uses of fixed-length char buffers which, while likely to be of
> safe size, would be better handled as dynamically allocated
> buffers of *always* safe size.
Careful, there.
Actually, I said/meant(?) "if a fixed-length buffer is going to be copied
into allocated memory, then you may as well avoid the fixed-length buffer in
the first place [and use svn_string_createf or apr_psprintf or whatever]".
I don't want to advocate tossing *all* fixed length buffers. But if the
contents of that buffer are going to end up in a pool, then (IMO) it *is*
best to remove them. Their presence simply raises a yellow flag (re: buffer
overruns) and impedes quick/easy review of the security.
That said: excellent checkin! My little mind is feeling very hobgoblinish.
Oh wait. Now how does that go? Hobgoblins have little minds? um....
Cheers,
-g
--
Greg Stein, http://www.lyra.org/