Re: CVS update: subversion/subversion/tests/xml pipatch.xml

[Greg Stein <gs...@lyra.org>]

On Sat, Feb 17, 2001 at 06:08:13PM -0000, cmpilato@tigris.org wrote:
>...
>   4.  Uses of fixed-length char buffers which, while likely to be of
>       safe size, would be better handled as dynamically allocated
>       buffers of *always* safe size.

Careful, there.

Actually, I said/meant(?) "if a fixed-length buffer is going to be copied
into allocated memory, then you may as well avoid the fixed-length buffer in
the first place [and use svn_string_createf or apr_psprintf or whatever]".

I don't want to advocate tossing *all* fixed length buffers. But if the
contents of that buffer are going to end up in a pool, then (IMO) it *is*
best to remove them. Their presence simply raises a yellow flag (re: buffer
overruns) and impedes quick/easy review of the security.


That said: excellent checkin! My little mind is feeling very hobgoblinish.
Oh wait. Now how does that go? Hobgoblins have little minds? um....

Cheers,
-g

-- 
Greg Stein, http://www.lyra.org/