Dangerous strcpy
Jerry James
james at xemacs.org
Thu Jun 22 12:37:52 EDT 2006
"Vladimir G. Ivanovic" <vgivanovic at comcast.net> wrote:
> It's been a long time since I've used sysconf().... but that's probably
> the way to go.
I don't know. It seems like a lot of complication and fuss. All this
code really wants to know is if DISPLAY points to frame 0 on the same
machine that XEmacs itself is running on. (Is there really no Xlib
function to tell you that?) Assuming that gethostbyname() always yields
a properly null-terminated string, I think we should just alloca a
buffer of size strlen(h->h_name + 1).
> P.S. I was going to comment that it's unlikely but possible for the host
> name length (is that the entire hostname+domainname or just the
> hostname-domainname?) to be more than 255 characters in length. Looks
> like the perfect use for an assert()!
According to the comment above the code in question, you can't be sure
whether it's just the hostname or the hostname+domainname! In any case,
since many systems have a limit of 255 on the name length, you're just
asking for trouble if you have a longer name. Therefore, I consider it
extremely unlikely that this code will ever overrun the buffer. Still,
it doesn't hurt to be cautious about such things.
--
Jerry James, Assistant Professor james at xemacs.org
Computer Science Department http://www.cs.usu.edu/~jerry/
Utah State University
More information about the XEmacs-Beta
mailing list
