[olsr-dev] [PATCH] Improvements in dot_draw plugin
Tue Nov 8 12:07:57 CET 2005
On Mon, 2005-11-07 at 07:14 +0100, Andreas Tønnesen wrote:
> Thanks, patches are always appreciated :-)
> But if you can make them against the current CVS version you'll make
> life easier for everybody and you make sure you're not fixing something
> that is already fixed.
ACK. And I (tried to) apply to former patch. A similar one against
current cvs is attached.
> Regarding the sprintf issue I agree that it is bad, but in this code the
> string arguments passed to the %s format is always the result for the
> olsr_ip_to_string function which I regard to be a "controlled" result.
Yes, of course I don't want to imply that anything is seriously broken
*now* (please insert definition of "seriously broken" here;-).
It is just to be sure that no (hidden) bug is introduced if e.g. some of
the controlled functions (like inet_ntoa()) are replaced at some time in
the future with not-so-controlled functions (or even worse that parts of
these strings come from the config-file or command line).
And I don't think that one (especially not me) checks *all* callers of a
function if such a change is made just to check that some buffer is
large enough after the change.
> In the core olsrd code there is (AFAIK) no use of potentially dangerous
> string functions, but in plugins such as this I don't think this is a
I will explain the potential weakness with the patches (even if they are
quite pathological cases).
And gcc (especially gcc-4.0x) has also a lot of nice warnings to find
superfluous or strange code.
> big problem. But if you'd like to clean it up in a platform independent
> way, feel free to do so :-)
BTW is there some (not so interesting) plugin or similar part of the
code where the platform independency can be tried with simply committing
a change and wait for complaints/bug reports (i.e. the compile breakage
is not that serious).
Firmix Software GmbH http://www.firmix.at/
mobil: +43 664 4416156 fax: +43 1 7890849-55
Embedded Linux Development and Services
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 3956 bytes
Desc: not available
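
The concern discussed in this message, shown as an added example that is not part of the original post or of the scrubbed patch: a buffer sized for today's "controlled" address strings stops being large enough when the formatter behind `%s` changes, and a bounded `snprintf` with a return-value check turns that into a detectable error where `sprintf` would write past the buffer. The helper `format_edge`, the edge-line format and the sample addresses are assumptions constructed for illustration, not olsrd code.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper, not from olsrd: formats one Graphviz edge line.
 * Returns the line length, or -1 if the output did not fit. On failure
 * buf is set to the empty string so a truncated line is never emitted. */
int format_edge(char *buf, size_t size, const char *from, const char *to)
{
    int n;

    if (buf == NULL || size == 0)
        return -1;

    /* snprintf never writes more than size bytes and reports the length
     * the full output would have had, which makes truncation detectable. */
    n = snprintf(buf, size, "\"%s\" -> \"%s\";\n", from, to);
    if (n < 0 || (size_t)n >= size) {
        buf[0] = '\0';
        return -1;
    }
    return n;
}

int main(void)
{
    char line[48]; /* sized with two dotted-quad IPv4 strings in mind */

    /* Constructed inputs: what a "controlled" formatter returns today... */
    const char *a = "192.168.100.1";
    const char *b = "192.168.100.2";
    /* ...and what a later replacement might return (IPv6 text form). */
    const char *c = "2001:0db8:0000:0000:0000:ff00:0042:8329";

    printf("ipv4 result: %d\n", format_edge(line, sizeof line, a, b));
    /* With sprintf this call would overflow line[]; here it is rejected. */
    printf("ipv6 result: %d\n", format_edge(line, sizeof line, c, c));
    return 0;
}
```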