Posted to dev@subversion.apache.org by "D.J. Heap" <dj...@gmail.com> on 2007/02/24 16:22:59 UTC
[PATCH] svndumpfilter's use of %n
Are there any objections to changing svndumpfilter's use of sprintf
with %n over to apr_snprintf with %n?
In VS2005 Microsoft has deprecated the use of %n as 'inherently
insecure' and turning it back on requires a special function call. It
seemed simpler to just switch to apr_snprintf since it is only used in
svndumpfilter and only in a few places.
Log:
Change svndumpfilter's use of sprintf with %n to apr_snprintf for VS2005.
* subversion/svndumpfilter/main.c
(write_prop_to_stringbuf, output_revision, output_node):
Use apr_snprintf rather than sprintf.
Re: [PATCH] svndumpfilter's use of %n
Posted by "D.J. Heap" <dj...@gmail.com>.
On 2/24/07, Malcolm Rowe <ma...@farside.org.uk> wrote:
[snip]
> Done in r23494, thanks.
>
Much better, thanks!
DJ
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Re: [PATCH] svndumpfilter's use of %n
Posted by Malcolm Rowe <ma...@farside.org.uk>.
On Sat, Feb 24, 2007 at 09:30:31PM +0000, Malcolm Rowe wrote:
> On Sat, Feb 24, 2007 at 02:24:54PM -0600, Jonathan Gilbert wrote:
> > Doesn't sprintf() return the number of bytes it wrote into the buffer anyway?
> >
> > bytes_used = sprintf(buf, "%d", namelen);
> > svn_stringbuf_appendbytes(*strbuf, buf, bytes_used);
> >
>
> Yes, it does. I like that
Done in r23494, thanks.
Regards,
Malcolm
Re: [PATCH] svndumpfilter's use of %n
Posted by Malcolm Rowe <ma...@farside.org.uk>.
On Sat, Feb 24, 2007 at 02:24:54PM -0600, Jonathan Gilbert wrote:
> Doesn't sprintf() return the number of bytes it wrote into the buffer anyway?
>
> bytes_used = sprintf(buf, "%d", namelen);
> svn_stringbuf_appendbytes(*strbuf, buf, bytes_used);
>
Yes, it does. I like that. I'm pretty sure the return of sprintf() is
sensible, unlike, say, snprintf() - where some implementations return -1
on truncation.
> ..or if one is feeling daring (might not be wise, since in the case of
> failure, a negative number is returned -- but then, what could go wrong
> with this particular invocation? :-):
>
> svn_stringbuf_appendbytes(*strbuf, buf,
> sprintf(buf, "%d", namelen));
>
That's a little less readable than what I was hoping for :-)
Regards,
Malcolm
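The point discussed above (take the length from the formatter's return value instead of %n, and treat a negative or too-large return as failure) as an added example; it is not code from Subversion or from any poster in this thread. struct strbuf, strbuf_append and append_decimal are hypothetical stand-ins for the svn_stringbuf calls, and standard snprintf is used in place of sprintf so that truncation can be detected.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for a growable string buffer (not svn_stringbuf_t). */
struct strbuf { char *data; size_t len; };

/* Append n bytes to sb; returns 0 on success, -1 on allocation failure. */
static int strbuf_append(struct strbuf *sb, const char *bytes, size_t n)
{
    char *p = realloc(sb->data, sb->len + n + 1);
    if (p == NULL)
        return -1;
    memcpy(p + sb->len, bytes, n);
    sb->len += n;
    p[sb->len] = '\0';
    sb->data = p;
    return 0;
}

/* Format value into a scratch buffer of scratch_size bytes and append it.
 * The length comes from snprintf's return value, so no %n is needed.
 * Returns the number of bytes appended, or -1 on error or truncation. */
static int append_decimal(struct strbuf *sb, int value, size_t scratch_size)
{
    char scratch[32];
    int written;

    if (scratch_size == 0 || scratch_size > sizeof(scratch))
        return -1;
    written = snprintf(scratch, scratch_size, "%d", value);
    /* Negative: output error (or truncation on some older C libraries).
     * >= scratch_size: C99 snprintf reports the length it wanted. */
    if (written < 0 || (size_t)written >= scratch_size)
        return -1;
    if (strbuf_append(sb, scratch, (size_t)written) != 0)
        return -1;
    return written;
}

int main(void)
{
    struct strbuf sb = { NULL, 0 };
    int n = append_decimal(&sb, 1234, 32);
    printf("appended %d bytes: %s\n", n, sb.data ? sb.data : "");
    free(sb.data);
    return 0;
}
```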
Re: [PATCH] svndumpfilter's use of %n
Posted by Jonathan Gilbert <o2...@sneakemail.com>.
At 06:01 PM 2/24/2007 +0000, Malcolm Rowe wrote:
>> - sprintf(buf, "%d%n", namelen, &bytes_used);
>> - svn_stringbuf_appendbytes(*strbuf, buf, bytes_used);
>> + sprintf(buf, "%d", namelen);
>> + svn_stringbuf_appendbytes(*strbuf, buf, strlen(buf));
>> svn_stringbuf_appendbytes(*strbuf, "\n", 1);
>
>Slightly less efficient, but a whole lot clearer.
Doesn't sprintf() return the number of bytes it wrote into the buffer anyway?
bytes_used = sprintf(buf, "%d", namelen);
svn_stringbuf_appendbytes(*strbuf, buf, bytes_used);
..or if one is feeling daring (might not be wise, since in the case of
failure, a negative number is returned -- but then, what could go wrong
with this particular invocation? :-):
svn_stringbuf_appendbytes(*strbuf, buf,
sprintf(buf, "%d", namelen));
Jonathan Gilbert
Re: [PATCH] svndumpfilter's use of %n
Posted by Malcolm Rowe <ma...@farside.org.uk>.
On Sat, Feb 24, 2007 at 09:22:59AM -0700, D.J. Heap wrote:
> Are there any objections to changing svndumpfilter's use of sprintf
> with %n over to apr_snprintf with %n?
>
I had to look up %n to find out what it did. It might be better to do
something like the following:
> - sprintf(buf, "%d%n", namelen, &bytes_used);
> - svn_stringbuf_appendbytes(*strbuf, buf, bytes_used);
> + sprintf(buf, "%d", namelen);
> + svn_stringbuf_appendbytes(*strbuf, buf, strlen(buf));
> svn_stringbuf_appendbytes(*strbuf, "\n", 1);
>
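Review bot: On the added sprintf(buf, "%d", namelen) line the return value is discarded and the length is then recomputed with strlen(buf) on the next line. sprintf already returns the number of characters written, so capturing that value, and checking it is not negative before passing it as a length, drops %n without the second pass over the buffer. The declaration of buf is not visible in this hunk, so it is also worth confirming that it can hold the longest "%d" rendering of namelen, or using a bounded call that takes the buffer size.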
Slightly less efficient, but a whole lot clearer.
Regards,
Malcolm