On Tue, 19 Feb 2002, Jesper Skov wrote:
> On Tue, 2002-02-19 at 04:35, Robert Altenburg wrote:
> > Attached is a patch to fix bug 1957 "numerated lists
> > become star lists in human readable text exporter."
> >
> > What this does:
> >
> > When the exporter sees a new numbered list, this
> > allocates a UT_uint16 to hold the value of the
> > bullet number, and adds a pointer to that number
> > to a hash. If it has seen the list before it gets
> > the pointer to the integer from the hash, prints
> > the value, and increments it. When the destructor
> > is called, it frees the memory used by the integers.
>
> I haven't read the rest of the file, nor do I have any experience with
> exporters. But I'm surprised to see use of char and sprintf. Surely you
> want to use the UT_ versions of these?
>
> [snip]
> > + char buff[20];
> [snip]
> > + sprintf(buff,"%d ",*pTemp);
> [snip]
>
This is all through the import/exporters. It make me worried about buffer
overflows. About two months ago I asked it someone could implement a
UT_String.sprintf() method. Various people promised to do this or
something equivalent but it hasn't happened yet.
If someone implements the equivalent of a UT_String.sprintf() method that
is immune to buffer overflows I undertake to eliminate all the sprintf
into fixed buffers in the importers to start with.
Cheers
Martin
