* Ricardo Neri <ricardo.neri-calde...@linux.intel.com> wrote:

> > > + snprintf(warn, sizeof(warn), "%s %s", umip_insns[umip_inst],
> > > +          umip_warn_use);
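Review bot: The return value of snprintf() is dropped in this call, so if the mnemonic plus umip_warn_use ever grows past sizeof(warn) the message is silently truncated. The visible lines also do not show umip_inst being range-checked before it indexes umip_insns[]. Consider passing the format string and its arguments straight to the warning helper instead of composing into warn first, or at least compare the snprintf() result against sizeof(warn).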
> > 
> > This is incredibly fragile against future buffer overflows, and warning about it
> > in comments does not make it less fragile!
> 
> I need to concatenate the instruction mnemonic with a string. Is something like
> this more acceptable?
> 
>       unsigned char warn[50];
> 
>       ...
> 
>       strcpy(warn, umip_insns[umip_inst]);
>       strcat(warn, " instruction cannot be used by applications.");
>       umip_pr_warn(regs, warn, 0);
> 
> In this manner I use the string literal directly but I still have a buffer that might
> overflow. Code looks more clear to me. I could use #defines for the string lengths or
> set a maximum length.

This is still very fragile.

The right solution would be to make umip_pr_warn() a varargs helper function, so
that you can just use it to print things the usual way. I'd also use a
__attribute__((format(printf))) specification to get good build-time warnings.

Thanks,

        Ingo
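The shape suggested in the reply above, as an added userspace sketch that is not code from the thread or from the kernel: a varargs warning helper carrying a printf format attribute, so callers need no scratch buffer. The names demo_pr_warn, demo_insns and demo_last, the "warn: ip:" prefix and the 96-byte buffer are assumptions made for illustration; kernel code would hand the format and arguments to printk rather than to a static buffer.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for the mnemonic table indexed in the thread. */
static const char * const demo_insns[] = { "SGDT", "SIDT", "SMSW" };

/* Last formatted line, kept only so the result can be inspected. */
static char demo_last[96];

/*
 * Hypothetical helper. format(printf, 2, 3): argument 2 is the format
 * string and the variadic arguments start at 3, so the compiler checks
 * every call site with -Wformat (part of -Wall).
 */
static int demo_pr_warn(unsigned long ip, const char *fmt, ...)
	__attribute__((format(printf, 2, 3)));

static int demo_pr_warn(unsigned long ip, const char *fmt, ...)
{
	va_list args;
	int used, need;

	used = snprintf(demo_last, sizeof(demo_last), "warn: ip:%lx ", ip);
	if (used < 0 || (size_t)used >= sizeof(demo_last))
		return -1;

	va_start(args, fmt);
	/* Bounded by the space that is left, never by a caller's estimate. */
	need = vsnprintf(demo_last + used, sizeof(demo_last) - used, fmt, args);
	va_end(args);

	/* vsnprintf returns the untruncated length; report truncation. */
	if (need < 0 || (size_t)need >= sizeof(demo_last) - used)
		return -1;

	fprintf(stderr, "%s\n", demo_last);
	return used + need;
}

int main(void)
{
	/* The caller needs no scratch buffer and no strcpy()/strcat(). */
	demo_pr_warn(0x401000UL, "%s instruction cannot be used by applications.",
		     demo_insns[1]);
	/* Passing an int where %s is expected is flagged at build time. */
	return 0;
}
```
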
