Re: [avrdude-dev] [bug #43471] avrdude 5.11 buffer overruns in stk500v2
From: Joerg Wunsch
Subject: Re: [avrdude-dev] [bug #43471] avrdude 5.11 buffer overruns in stk500v2 code
Date: Wed, 19 Nov 2014 23:06:10 +0100
User-agent: Mutt/1.5.23 (2014-03-12)
As Bob Frazier wrote:
> > Nevertheless, changing the fixed buffers into malloc'ed
> > buffers might make a lot of sense. Other programmer
> > implementations (like those for the JTAGICEs) already do it
> > that way.
> yes - better programming practices for sure. fixed-length buffers on
> the stack are the source of *SO* many problems.
The fixed-length buffers could be lived with, but then, argument
checks would be required instead of blindly assuming every caller
calls them with valid parameters (the more since things like the
page size are obtained from user-modifiable files).
Given that, using malloc() is less work compared to adding all
those checks.
--
cheers, Joerg .-.-. --... ...-- -.. . DL8DTL
http://www.sax.de/~joerg/
Never trust an operating system you don't have sources for. ;-)
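
The two options weighed in the message above, side by side, as an added example that is not avrdude code and not part of the original message: a fixed-size frame buffer that validates the caller's page size, and a buffer allocated from that size. The header layout, the constants and all function names are hypothetical.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#define HDR_LEN   10   /* hypothetical command header length */
#define FIXED_BUF 275  /* hypothetical fixed frame buffer size */

/* Hypothetical header: zeroed, with a 16-bit big-endian payload length. */
static void put_header(uint8_t *buf, size_t page_size)
{
    memset(buf, 0, HDR_LEN);
    buf[1] = (uint8_t)(page_size >> 8);
    buf[2] = (uint8_t)(page_size & 0xff);
}

/* Option 1: fixed buffer plus argument check. Returns frame length or -1. */
int build_frame_fixed(uint8_t out[FIXED_BUF], const uint8_t *page, size_t page_size)
{
    if (page == NULL || page_size > FIXED_BUF - HDR_LEN)
        return -1;  /* page size from the config file does not fit */
    put_header(out, page_size);
    memcpy(out + HDR_LEN, page, page_size);
    return (int)(HDR_LEN + page_size);
}

/* Option 2: buffer sized from the request. The caller frees the result. */
uint8_t *build_frame_alloc(const uint8_t *page, size_t page_size, size_t *frame_len)
{
    if (page == NULL || frame_len == NULL || page_size > 0xffff)
        return NULL;  /* 0xffff: limit of the 16-bit length field */
    uint8_t *buf = malloc(HDR_LEN + page_size);
    if (buf == NULL) return NULL;
    put_header(buf, page_size);
    memcpy(buf + HDR_LEN, page, page_size);
    *frame_len = HDR_LEN + page_size;
    return buf;
}

/* Constructed driver: frame a zero-filled page of n bytes either way. */
int demo(size_t n, int use_alloc)
{
    static const uint8_t page[1024] = {0};  /* constructed sample data */
    uint8_t fixed[FIXED_BUF];
    size_t len = 0;
    if (n > sizeof page) return -2;
    if (!use_alloc) return build_frame_fixed(fixed, page, n);
    uint8_t *f = build_frame_alloc(page, n, &len);
    int r = f ? (int)len : -1;
    free(f);
    return r;
}
```

With a 512-byte page, the fixed-buffer variant has to reject the request, while the allocating variant simply sizes the frame to fit.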