On Sun, 10 Nov 2013 at 18:10:14 +0100, Christophe wrote:
>
> ----- Carlos R. Mafra <crma...@gmail.com> wrote:
> > On Sun, 10 Nov 2013 at 17:41:09 +0100, Christophe wrote:
> > > From: Christophe CURIS <christophe.cu...@free.fr>
> > >
> > > It is not only not very efficient, but in present case it also
> > > participates in memory fragmentation.
> > >
> > > This patch replaces this with a stack allocated buffer with a buffer which
> > > is way too large.
> >
> > "Too large" might not be enough to someone explicitly wanting to create
> > a buffer overflow attack by using a self-compiled app with a large
> > class name, no?
> >
> > I'm not too paranoid about this, but it looks like this patch makes the
> > code vulnerable for little benefit...
>
> In this current case, "too large" should be interpreted as "I am ashamed to
> take so much space for something that's never gonna be that big" because if
> this gets too long it will be truncated on display anyway.
>
> For the security concern, the code used and still uses s*n*printf, so all
> that can happen is a truncated string, not a buffer overflow.
>
> Hope I have reassured you?

Great, thanks!
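
The snprintf behaviour discussed in this thread, as an added example that is not part of the original messages and is not Window Maker code: an oversized class name is truncated to the fixed buffer, and the return value reports the truncation. The names `LABEL_MAX`, `struct label`, `format_label` and `demo_oversized` are hypothetical, and the input is constructed.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical names throughout; this is not Window Maker's code. */
#define LABEL_MAX 64

struct label {
    char text[LABEL_MAX];   /* fixed-size buffer, like the stack buffer in the patch */
    unsigned canary;        /* placed right after the buffer to expose any overrun */
};

/*
 * Format "instance.class" into lbl->text.
 * Returns 0 if it fit, 1 if it was truncated, -1 on an output error.
 */
int format_label(struct label *lbl, const char *instance, const char *wclass)
{
    int n = snprintf(lbl->text, sizeof lbl->text, "%s.%s", instance, wclass);

    if (n < 0)
        return -1;
    /* snprintf returns the length it would have written; n >= size means truncation */
    return (size_t)n >= sizeof lbl->text;
}

/* Constructed input: a class name far longer than the buffer. */
int demo_oversized(struct label *lbl)
{
    char huge[1024];

    memset(huge, 'A', sizeof huge - 1);
    huge[sizeof huge - 1] = '\0';
    lbl->canary = 0xC0FFEEu;
    return format_label(lbl, "xterm", huge);
}

int main(void)
{
    struct label lbl;
    int rc = demo_oversized(&lbl);

    printf("truncated=%d len=%zu canary_ok=%d\n",
           rc, strlen(lbl.text), lbl.canary == 0xC0FFEEu);
    return 0;
}
```

The bound holds only because the size passed to snprintf is `sizeof` the destination array; a caller that needs to know whether the string was cut must check the return value.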