[GRASS-dev] d.legend uses a static buffer for `map='
Glynn Clements
glynn at gclements.plus.com
Tue Jan 8 14:18:14 EST 2008
Ivan Shmakov wrote:
> >> In my opinion, strncpy () should generally be preferred over strcpy
> >> ().
>
> > Using strncpy() isn't much of an improvement, as the copy won't be
> > NUL-terminated if it's truncated. And simplyy NUL-terminating the
> > string risks reading/writing the wrong file. The only safe solutions
> > are to either dynamically allocate all buffers, or signal a fatal
> > error if the source is too long.
>
> Or, if a library function is considered, it may return a kind of
> error to the caller.
That requires each caller to check for errors.
> For example, I'd suggest changing D_get_cell_name () as follows:
>
> diff --git a/lib/display/list.c b/lib/display/list.c
> index 48180cf..2353092 100644
> --- a/lib/display/list.c
> +++ b/lib/display/list.c
> @@ -99,6 +99,9 @@ int D_get_cell_name(char *name )
> if ((stat = R_pad_get_item ("cell", &list, &count)))
> return(-1) ;
>
> + if (strlen (list[0]) >= GNAME_MAX)
> + return -1;
> +
That isn't a problem; it's reasonably safe to assume that the names
which appear in the list don't exceed that value (e.g. most
filesystems won't let you have a name longer than that).
> >> $ nl -ba display/d.colors/main.c
> >> ...
> >> 25 int
> >> 26 main (int argc, char **argv)
> >> 27 {
> >> 28 char name[128] = "";
>
> > Right. We encourage developers to replace these with the defined
> > constants as they encounter them.
>
> ACK.
Well, it's not as if anyone is going to sytematically examine the
entire GRASS source code to find such cases.
> PS. Shouldn't G__open () use GPATH_MAX as well?
Yes. And GNAME_MAX and GMAPSET_MAX.
And it shouldn't be freeing the mapset either.
--
Glynn Clements <glynn at gclements.plus.com>
More information about the grass-dev
mailing list