Zeev Suraski wrote:
> I think their work is a good step that PHP needed for a while. I also
> think it's an ongoing project, and not a one-time pass.
>
> Looking at the patch, the vast majority of changes made don't actually
> fix bugs, but rather, implement the same code using 'defensive'
> techniques. E.g., use strlcpy() instead of strcpy(), even when strcpy()
> is safe; Or, use sizeof(foo) instead of a hardcoded number as an
> argument to snprintf(), in case the size of foo changes in the future.
>
> The only comment I have (after this short glance) is that I'd rather see
> sizeof(foo) instead of 'sizeof foo' (we don't need yet another style in
> our code base :), but otherwise, I think most of the patches should make
> it into the main tree.

That's what I thought, too.
I'm also surprised by the fact that there are so many magic numbers in
php source ;)

--
Yasuo Ohgaki

>
> Zeev
>
> At 14:22 14/03/2002, Andrew Sitnikov wrote:
>
>> Hello php-dev,
>>
>> What you think about this:
>> http://phpaudit.42-networks.com/
>>
>>
>> Big size of patch does not bring pleasure
>>
>> Best regards,
>> Andrew Sitnikov
>> e-mail : [EMAIL PROTECTED]
>> GSM: (+372) 56491109
>>
>>
>> --
>> PHP Development Mailing List <http://www.php.net/>
>> To unsubscribe, visit: http://www.php.net/unsub.php
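
Added example, not part of the thread and not code from the audit patch or the PHP tree: the two defensive habits discussed above (a bounded copy in place of strcpy(), and sizeof(buf) in place of a hardcoded length for snprintf()) applied to a buffer whose size has changed. The names `copy_bounded`, `struct entry`, `entry_set_name` and `entry_format` are hypothetical, and `copy_bounded` is a local stand-in with strlcpy() semantics.

```c
#include <stdio.h>
#include <string.h>

/* Stand-in with strlcpy() semantics, since strlcpy() is not in every libc:
 * copies at most dstsize-1 bytes, always NUL-terminates, and returns
 * strlen(src) so the caller can detect truncation (ret >= dstsize). */
static size_t copy_bounded(char *dst, const char *src, size_t dstsize)
{
    size_t srclen = strlen(src);
    if (dstsize != 0) {
        size_t n = srclen < dstsize - 1 ? srclen : dstsize - 1;
        memcpy(dst, src, n);
        dst[n] = '\0';
    }
    return srclen;
}

/* Hypothetical record. Assume name[] was once 32 bytes and later shrunk:
 * a call such as snprintf(e->name, 32, ...) would still compile and would
 * now be allowed to write 16 bytes past the end of name[]. */
struct entry {
    char name[16];
    char guard[8];              /* neighbour that an overrun would clobber */
};

/* Bound taken from the declaration. Returns 1 if src was truncated. */
int entry_set_name(struct entry *e, const char *src)
{
    return copy_bounded(e->name, src, sizeof(e->name)) >= sizeof(e->name);
}

/* Same idea with snprintf(). Returns 1 on truncation or encoding error. */
int entry_format(struct entry *e, const char *host, int port)
{
    int n = snprintf(e->name, sizeof(e->name), "%s:%d", host, port);
    return n < 0 || (size_t)n >= sizeof(e->name);
}

int main(void)
{
    struct entry e = { "", "GUARD" };
    int cut = entry_format(&e, "a.very.long.host.example", 8080);
    printf("name=\"%s\" truncated=%d guard=%s\n", e.name, cut, e.guard);
    return 0;
}
```

sizeof(e->name) yields the buffer size only because name is declared as an array; applied to a char * it yields the size of the pointer, so the bound must be passed explicitly wherever the array has decayed.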