On Mon, 15 May 2023 21:47:19 GMT, Mikael Vidstedt <mik...@openjdk.org> wrote:
>> Xue-Lei Andrew Fan has updated the pull request incrementally with one >> additional commit since the last revision: >> >> replace strcpy with snprintf > > src/utils/hsdis/binutils/hsdis-binutils.c line 248: > >> 246: size_t used_size = strlen(close); >> 247: char* p = buf + used_size; >> 248: bufsize -= used_size; > > May not happen in practice, but if `used_size` is larger than `bufsize` this > will wrap to a very large value. Perhaps the `strcpy` above should also be an > `snprintf`, and the return value handled the same way as for the subsequent > `snprintf` calls? I think it is safe as the `buf` size has been checked at around line 230. However, it may make the code easier to read if replacing `strcpy` with `snprintf`. The patch was updated accordingly. ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/13995#discussion_r1195441861
