Bug#534641: mendex bug
Hi Norbert, hi all,
-#define TAIL(x) (x+strlen(x))
+#define TAIL(x) ((x)+strlen(x))
It was my fault. Thank you for correcting.
+#define TAIL_LEN(x) ((x)+strlen(x)), (BUFFERLEN-strlen(x))
Nice idea.
I'm not sure but I'm wandering if snprintf()
can handle negative (minus) length or not.
int snprintf(char *str, size_t size, const char *format, ...);
'size_t' should be unsigned?
Regards,
Nobuyuki Tsuchimura
From: Norbert Preining <preining@logic.at>
Subject: [ptex:00356] Re: mendex bug
Date: Sun, 8 Sep 2013 10:59:19 +0900
Message-ID: <[🔎] 20130908015919.GA20356@gamma.logic.tuwien.ac.at>
> Hi Karl, hi all,
>
> On Sa, 07 Sep 2013, Karl Berry wrote:
> > #define TAIL(x) (x+strlen(x))
>
> Done, fixed patch attached: mendex-bugfix
>
> > In general, shouldn't snprintf be used to avoid the whole potential of
> > buffer overrun?
>
> Done that for fwrite.c, but there are other cases in the source.
> Patch for fwrite.c attached, on top of the prvious: mendex-snprintf
>
> If anyone can comment on that (review) that would be great, especially
> the definition of
> TAIL_LEN(x)
> (returning two argumetns, the pointer and the remaining length, for
> the first two arguments of snprintf).
>
> Thanks
>
> Norbert
>
> ------------------------------------------------------------------------
> PREINING, Norbert http://www.preining.info
> JAIST, Japan TeX Live & Debian Developer
> DSA: 0x09C5B094 fp: 14DF 2E6C 0307 BE6D AD76 A9C0 D2BF 4AA3 09C5 B094
> ------------------------------------------------------------------------
Reply to: