Posted to dev@subversion.apache.org by "D.J. Heap" <dj...@gmail.com> on 2007/02/24 16:22:59 UTC

[PATCH] svndumpfilter's use of %n

Are there any objections to changing svndumpfilter's use of sprintf
with %n over to apr_snprintf with %n?

In VS2005 Microsoft has deprecated the use of %n as 'inherently
insecure' and turning it back on requires a special function call.  It
seemed simpler to just switch to apr_snprintf since it is only used in
svndumpfilter and only in a few places.

Log:

Change svndumpfilter's use of sprintf with %n to apr_snprintf for VS2005.

* subversion/svndumpfilter/main.c
  (write_prop_to_stringbuf, output_revision, output_node):
  Use apr_snprintf rather than sprintf.

Re: [PATCH] svndumpfilter's use of %n

Posted by "D.J. Heap" <dj...@gmail.com>.
On 2/24/07, Malcolm Rowe <ma...@farside.org.uk> wrote:
[snip]
> Done in r23494, thanks.
>


Much better, thanks!

DJ

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org

Re: [PATCH] svndumpfilter's use of %n

Posted by Malcolm Rowe <ma...@farside.org.uk>.
On Sat, Feb 24, 2007 at 09:30:31PM +0000, Malcolm Rowe wrote:
> On Sat, Feb 24, 2007 at 02:24:54PM -0600, Jonathan Gilbert wrote:
> > Doesn't sprintf() return the number of bytes it wrote into the buffer anyway?
> > 
> >   bytes_used = sprintf(buf, "%d", namelen);
> >   svn_stringbuf_appendbytes(*strbuf, buf, bytes_used);
> > 
> 
> Yes, it does.  I like that

Done in r23494, thanks.

Regards,
Malcolm

Re: [PATCH] svndumpfilter's use of %n

Posted by Malcolm Rowe <ma...@farside.org.uk>.
On Sat, Feb 24, 2007 at 02:24:54PM -0600, Jonathan Gilbert wrote:
> Doesn't sprintf() return the number of bytes it wrote into the buffer anyway?
> 
>   bytes_used = sprintf(buf, "%d", namelen);
>   svn_stringbuf_appendbytes(*strbuf, buf, bytes_used);
> 

Yes, it does.  I like that.  I'm pretty sure the return of sprintf() is
sensible, unlike, say, snprintf() - where some implementations return -1
on truncation.

> ..or if one is feeling daring (might not be wise, since in the case of
> failure, a negative number is returned -- but then, what could go wrong
> with this particular invocation? :-):
> 
>   svn_stringbuf_appendbytes(*strbuf, buf,
>     sprintf(buf, "%d", namelen));
> 

That's a little less readable than what I was hoping for :-)

Regards,
Malcolm
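
An added example, not code from this thread or from Subversion: it uses the formatter's return value as the append length, as suggested above, and rejects both a negative return and a C99-style truncated result instead of trusting it. `struct strbuf`, `strbuf_appendbytes` and `append_int` are hypothetical names, and standard `snprintf` stands in for `apr_snprintf`.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for a growable string buffer; not Subversion's
   svn_stringbuf_t. Fixed capacity keeps the example self-contained. */
struct strbuf {
    char   data[64];
    size_t len;
};

/* Append exactly n bytes; returns 0 on success, -1 if they do not fit. */
static int strbuf_appendbytes(struct strbuf *sb, const char *p, size_t n)
{
    if (n > sizeof sb->data - 1 - sb->len)
        return -1;
    memcpy(sb->data + sb->len, p, n);
    sb->len += n;
    sb->data[sb->len] = '\0';
    return 0;
}

/* Format value using at most scratch_size bytes of scratch space and
   append it. Returns the number of bytes appended, or -1 on any failure. */
static int append_int(struct strbuf *sb, int value, size_t scratch_size)
{
    char buf[32];
    int n;

    if (scratch_size == 0 || scratch_size > sizeof buf)
        return -1;
    n = snprintf(buf, scratch_size, "%d", value);
    /* n < 0: output error, or the truncation signal of older libraries.
       n >= scratch_size: C99 truncation; n is the would-be length. */
    if (n < 0 || (size_t)n >= scratch_size)
        return -1;
    if (strbuf_appendbytes(sb, buf, (size_t)n) != 0)
        return -1;
    return n;
}

int main(void)
{
    struct strbuf sb = { "", 0 };
    int n = append_int(&sb, 12345, 32);
    printf("appended %d bytes: %s\n", n, sb.data);
    n = append_int(&sb, -2147483647, 4);  /* constructed: scratch too small */
    printf("truncated case returns %d, buffer still: %s\n", n, sb.data);
    return 0;
}
```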

Re: [PATCH] svndumpfilter's use of %n

Posted by Jonathan Gilbert <o2...@sneakemail.com>.
At 06:01 PM 2/24/2007 +0000, Malcolm Rowe wrote:
>> -  sprintf(buf, "%d%n", namelen, &bytes_used);
>> -  svn_stringbuf_appendbytes(*strbuf, buf, bytes_used);
>> +  sprintf(buf, "%d", namelen);
>> +  svn_stringbuf_appendbytes(*strbuf, buf, strlen(buf));
>>    svn_stringbuf_appendbytes(*strbuf, "\n", 1);
>
>Slightly less efficient, but a whole lot clearer.

Doesn't sprintf() return the number of bytes it wrote into the buffer anyway?

  bytes_used = sprintf(buf, "%d", namelen);
  svn_stringbuf_appendbytes(*strbuf, buf, bytes_used);

..or if one is feeling daring (might not be wise, since in the case of
failure, a negative number is returned -- but then, what could go wrong
with this particular invocation? :-):

  svn_stringbuf_appendbytes(*strbuf, buf,
    sprintf(buf, "%d", namelen));

Jonathan Gilbert


Re: [PATCH] svndumpfilter's use of %n

Posted by Malcolm Rowe <ma...@farside.org.uk>.
On Sat, Feb 24, 2007 at 09:22:59AM -0700, D.J. Heap wrote:
> Are there any objections to changing svndumpfilter's use of sprintf
> with %n over to apr_snprintf with %n?
> 

I had to look up %n to find out what it did.  It might be better to do
something like the following:

> -  sprintf(buf, "%d%n", namelen, &bytes_used);
> -  svn_stringbuf_appendbytes(*strbuf, buf, bytes_used);
> +  sprintf(buf, "%d", namelen);
> +  svn_stringbuf_appendbytes(*strbuf, buf, strlen(buf));
>    svn_stringbuf_appendbytes(*strbuf, "\n", 1);
>  
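
Review bot: the `+` line `svn_stringbuf_appendbytes(*strbuf, buf, strlen(buf));` rescans the buffer for a length that `sprintf` has already returned, and the call above it discards that return value unchecked. Capture it (`bytes_used = sprintf(buf, "%d", namelen);`), treat a negative result as an error, and pass it as the length. The write into `buf` also remains unbounded; the size of `buf` is not visible in this hunk, so a bounded formatter given `sizeof(buf)` would make the limit explicit.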

Slightly less efficient, but a whole lot clearer.

Regards,
Malcolm