Re: [PATCH 01/12] ui/console-vc: Replace sprintf() by g_strdup_printf()
On Thu, Apr 11, 2024 at 11:36:10AM +0200, Philippe Mathieu-Daudé wrote:
> On 11/4/24 09:47, Gerd Hoffmann wrote:
> >Hi,
> >
> > > Due to security concerns inherent in the design of sprintf(3),
> > > it is highly recommended that you use snprintf(3) instead.
> >
> > > -char response[40];
> > > +g_autofree char *response = NULL;
> >
> > > -sprintf(response, "\033[%d;%dR",
> > > +response = g_strdup_printf("\033[%d;%dR",
> >
> > Any specific reason why you don't go with the recommendation above?
> >
> > While using g_strdup_printf() isn't wrong it allocates memory which
> > is not needed here because you can continue to use the stack buffer
> > this way:
> >
> > snprintf(response, sizeof(response), ...);
>
> I thought GLib/GString was recommended for formatting,
If you allocate the output buffer anyway (and there are patches in this
series where this is the case) it's clearly better to use
g_strdup_printf instead of malloc + snprintf.
In case a fixed-size buffer can be used I wouldn't switch to dynamic
allocation ...
take care,
Gerd
Re: [PATCH 01/12] ui/console-vc: Replace sprintf() by g_strdup_printf()
On 11/4/24 09:47, Gerd Hoffmann wrote:
Hi,
Due to security concerns inherent in the design of sprintf(3),
it is highly recommended that you use snprintf(3) instead.
-char response[40];
+g_autofree char *response = NULL;
-sprintf(response, "\033[%d;%dR",
+response = g_strdup_printf("\033[%d;%dR",
Any specific reason why you don't go with the recommendation above?
While using g_strdup_printf() isn't wrong it allocates memory which
is not needed here because you can continue to use the stack buffer
this way:
snprintf(response, sizeof(response), ...);
I thought GLib/GString was recommended for formatting, so choose
this thinking mostly about style. Indeed in this case snprintf()
is sufficient. I'll respin, thanks.
take care,
Gerd
Re: [PATCH 01/12] ui/console-vc: Replace sprintf() by g_strdup_printf()
Hi,
> Due to security concerns inherent in the design of sprintf(3),
> it is highly recommended that you use snprintf(3) instead.
> -char response[40];
> +g_autofree char *response = NULL;
> -sprintf(response, "\033[%d;%dR",
> +response = g_strdup_printf("\033[%d;%dR",
Any specific reason why you don't go with the recommendation above?
While using g_strdup_printf() isn't wrong it allocates memory which
is not needed here because you can continue to use the stack buffer
this way:
snprintf(response, sizeof(response), ...);
take care,
Gerd
Re: [PATCH 01/12] ui/console-vc: Replace sprintf() by g_strdup_printf()
On Wed, Apr 10, 2024 at 8:06 PM Philippe Mathieu-Daudé
wrote:
>
> sprintf() is deprecated on Darwin since macOS 13.0 / XCode 14.1,
> resulting in painful developper experience.
>
> Replace sprintf() by g_strdup_printf() in order to avoid:
>
> [702/1310] Compiling C object libcommon.fa.p/ui_console-vc.c.o
> ui/console-vc.c:824:21: warning: 'sprintf' is deprecated:
> This function is provided for compatibility reasons only.
> Due to security concerns inherent in the design of sprintf(3),
> it is highly recommended that you use snprintf(3) instead.
> [-Wdeprecated-declarations]
> sprintf(response, "\033[%d;%dR",
> ^
> 1 warning generated.
>
> Signed-off-by: Philippe Mathieu-Daudé
Reviewed-by: Marc-André Lureau
> ---
> ui/console-vc.c | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/ui/console-vc.c b/ui/console-vc.c
> index 899fa11c94..b455db436d 100644
> --- a/ui/console-vc.c
> +++ b/ui/console-vc.c
> @@ -648,7 +648,7 @@ static void vc_putchar(VCChardev *vc, int ch)
> QemuTextConsole *s = vc->console;
> int i;
> int x, y;
> -char response[40];
> +g_autofree char *response = NULL;
>
> switch(vc->state) {
> case TTY_STATE_NORM:
> @@ -821,7 +821,7 @@ static void vc_putchar(VCChardev *vc, int ch)
> break;
> case 6:
> /* report cursor position */
> -sprintf(response, "\033[%d;%dR",
> +response = g_strdup_printf("\033[%d;%dR",
> (s->y_base + s->y) % s->total_height + 1,
> s->x + 1);
> vc_respond_str(vc, response);
> --
> 2.41.0
>
