Subject: Re: CVS commit: src/sys
To: M. Warner Losh <firstname.lastname@example.org>
From: Simon J. Gerraty <email@example.com>
Date: 04/26/2004 15:51:44
>In message: <20040425044912.94DFEA655@zen.crufty.net>
> firstname.lastname@example.org (Simon J. Gerraty) writes:
>: cp += snprintf(...)
>Maybe people shouldn't do that at all. No need to have a cp +=
>safe_sprintf() because the code is still wrong in the buffer overflow
>case: if it returns 0, future uses of cp will be wrong.
Not so (and as someone pointed out, safe_snprintf() should actually
return the amount of buffer consumed - which just happens to be 0 in
the case where there was no room left).
There's nothing wrong with doing a bunch of
cp += safe_snprintf(cp, ep - cp, ....)
followed by if (cp >= ep) oops!;
I.e. there is no overflow issue and you can detect the error as early/late
as you like.
>So what you propose would fix the 'negative offset' issue, but not
What deeper issue?
Adding the means for safe_snprintf to panic when no space available
would be quite useful too. Controlled by #if DIAGNOSTIC and/or a sysctl
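As an added illustration of the idiom defended in this reply (not code from the thread or from any BSD tree): a hypothetical safe_snprintf() that returns bytes of buffer consumed rather than the would-be output length, used with `cp += ...` followed by a single `cp >= ep` check. The truncation convention (the whole buffer, NUL included, counts as consumed) and the helper join_ints() are assumptions for this example.

```c
#include <stdarg.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/*
 * Hypothetical safe_snprintf(): like snprintf(), but returns the number of
 * bytes of buf actually consumed, never the length the output would have
 * had.  On truncation the whole buffer (including the terminating NUL)
 * counts as consumed, so cp += ... lands exactly on ep; when no room is
 * left at all (n == 0) it returns 0, so cp never moves past ep and the
 * size argument ep - cp can never go negative (or wrap as size_t).
 */
static size_t
safe_snprintf(char *buf, size_t n, const char *fmt, ...)
{
	va_list ap;
	int len;

	if (n == 0)
		return 0;
	va_start(ap, fmt);
	len = vsnprintf(buf, n, fmt, ap);
	va_end(ap);
	if (len < 0) {		/* encoding error: leave an empty string */
		buf[0] = '\0';
		return 0;
	}
	if ((size_t)len >= n)	/* truncated: buffer full, NUL at buf[n-1] */
		return n;
	return (size_t)len;	/* not truncated: cp will point at the NUL */
}

/*
 * Join vals[] with commas into buf using the cp += safe_snprintf() idiom,
 * checking for overflow once at the end.  Returns 0 on success and -1 if
 * the output was truncated; for bufsize > 0 buf is NUL-terminated either way.
 */
static int
join_ints(char *buf, size_t bufsize, const int *vals, int nvals)
{
	char *cp = buf, *ep = buf + bufsize;
	int i;

	for (i = 0; i < nvals; i++)
		cp += safe_snprintf(cp, ep - cp, "%s%d", i ? "," : "", vals[i]);

	if (cp >= ep)		/* oops!: ran out of room somewhere above */
		return -1;
	return 0;
}
```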