On Tue, Mar 05, 2024 at 08:06:10PM -0800, Jerry D wrote: > On 3/5/24 1:51 PM, Harald Anlauf wrote: > > Hi Jerry, > > > > on further thought, do we sanitize 'child_iomsg'? > > We pass it to snprintf as format. > > > > Wouldn't a strncpy be sufficient? > > > > Harald > > > > > > Just to be safe I will bump char message[IOMSG_LEN] to char > message[IOMSG_LEN + 1] > > This is like a C string vs a Fortran string length situation. snprintf > guarantees we don't exceed the child_iomsg_len and null terminates it. > > I added 1 to: > child_iomsg_len = string_len_trim (IOMSG_LEN, child_iomsg) + 1 >
string_len_trim substracts 1 from the passed in argument. gfc_charlen_type string_len_trim (gfc_charlen_type len, const CHARTYPE *s) { if (len <= 0) return 0; const size_t long_len = sizeof (unsigned long); size_t i = len - 1; Does this account for the NULL? -- steve