Posted to dev@pegasus.apache.org by GitBox <gi...@apache.org> on 2020/08/21 03:29:08 UTC

[GitHub] [incubator-pegasus] l2dy commented on a change in pull request #575: fix: replace use of insecure sprintf

l2dy commented on a change in pull request #575:
URL: https://github.com/apache/incubator-pegasus/pull/575#discussion_r474388278



##########
File path: src/client_lib/pegasus_client_factory_impl.cpp
##########
@@ -23,7 +23,7 @@ bool pegasus_client_factory_impl::initialize(const char *config_file)
             // use config file to run
             char exe[] = "client";
             char config[1024];
-            sprintf(config, "%s", config_file);
+            snprintf(config, 1024, "%s", config_file);
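Review bot: The added `snprintf` line repeats the literal 1024 from the declaration `char config[1024];`, so the bound and the buffer can drift apart if the array size is changed later; `snprintf(config, sizeof(config), "%s", config_file);` keeps them tied together without introducing a new constant. The return value is also ignored: when `config_file` is 1024 bytes or longer, the copy is silently truncated and the code continues with a shortened path. Consider checking for a negative result or one `>= sizeof(config)` and failing `initialize` in that case.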

Review comment:
       That's true, but the size of these buffers is already hard-coded and you have plans to refactor them afterwards with maybe fmtlib, so I don't want to bother to introduce new size constants for each of them. Time would be better spent on refactoring with fmtlib.
   
   P.S. In Pegasus' code base, there are at least 25 `char` arrays with hard-coded size and no comment explaining the choice of different sizes. That should be improved in other PRs.



