Subject: Re: CVS commit: src/sys
To: None <itojun@iijlab.net>
From: Charles M. Hannum <abuse@spamalicious.com>
List: tech-kern
Date: 04/24/2004 18:02:38
On Saturday 24 April 2004 17:36, itojun@iijlab.net wrote:
> > the original code (with sprintf) is already broken, as sprintf()
> > returns -1 on failure. we just need to fix all of these
> > cp += sprintf (or snprintf).
>
> happy now?
No. If this is a "security" change, then it should not occur only with
DIAGNOSTIC, especially given that most people don't use DIAGNOSTIC any more.
I'd be happier if snprintf (or some trivial variant) always panicked if a
buffer was too small, and therefore never returned too large a value.
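To make the failure mode the thread is arguing about concrete, here is an added example (not code from the thread or from the NetBSD tree): the `cp += snprintf(...)` pattern advancing its cursor past an undersized buffer, beside a bounded append helper that clamps instead. The names `bounded_append`, `BUF_LEN` and the sample strings are assumptions of this example.

```c
#include <stdarg.h>
#include <stdio.h>

#define BUF_LEN 8

/* The pattern under discussion: off += snprintf(...). C99 snprintf returns
 * the length the untruncated output WOULD have had, so when the buffer is
 * too small the cursor lands past the end (and -1 on error moves it back).
 * Returns the cursor, which here exceeds BUF_LEN. */
size_t broken_append_offset(void) {
    char buf[BUF_LEN];
    size_t off = 0;
    /* "0123456789" needs 11 bytes but only 8 are available: the output
     * is truncated, yet the return value is still 10. */
    off += snprintf(buf + off, sizeof(buf) - off, "%s", "0123456789");
    /* A further append would compute sizeof(buf) - off as a wrapped-around
     * size_t, i.e. an effectively unbounded write. */
    return off;
}

/* Hardened variant: append at buf[*cur], clamp on truncation. Returns 0 on
 * success, -1 if the output was truncated or vsnprintf failed; *cur never
 * moves past the last writable byte, so later appends stay in bounds. */
int bounded_append(char *buf, size_t len, size_t *cur, const char *fmt, ...) {
    va_list ap;
    int n;
    if (*cur >= len) return -1;          /* no room even for the NUL */
    va_start(ap, fmt);
    n = vsnprintf(buf + *cur, len - *cur, fmt, ap);
    va_end(ap);
    if (n < 0) return -1;                /* format or encoding error */
    if ((size_t)n >= len - *cur) {       /* truncated: pin at the end */
        *cur = len - 1;
        return -1;
    }
    *cur += (size_t)n;
    return 0;
}

/* Appends "ab" and then "0123456789" into an 8-byte buffer. Sets *truncated
 * if either append did not fit; the returned cursor is always < BUF_LEN. */
size_t safe_append_offset(int *truncated) {
    char buf[BUF_LEN];
    size_t cur = 0;
    *truncated = 0;
    if (bounded_append(buf, sizeof buf, &cur, "%s", "ab")) *truncated = 1;
    if (bounded_append(buf, sizeof buf, &cur, "%s", "0123456789")) *truncated = 1;
    return cur;
}
```

The broken variant ends with a cursor of 10 in an 8-byte buffer; the bounded one stops at offset 7 and reports the truncation, which is the check the kernel callers in the thread are missing.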