[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Let's tell we are using GTK+
|
From: |
Lute Kamstra |
|
Subject: |
Re: Let's tell we are using GTK+ |
|
Date: |
Tue, 19 Aug 2003 14:34:58 +0200 |
|
User-agent: |
Gnus/5.1003 (Gnus v5.10.3) Emacs/21.3.50 (gnu/linux) |
Terje Rosten <address@hidden> writes:
> * Lute Kamstra
> |
> | > + {
> | > + char gtk_version[8];
> | > + sprintf (gtk_version, "%d.%d.%d", GTK_MAJOR_VERSION,
> GTK_MINOR_VERSION,
> | > + GTK_MICRO_VERSION);
> | > + Vgtk_version_string = build_string (gtk_version);
> | > + }
> |
> | this seems vulnerable to a buffer overflow.
>
> That's right. In a updated patch I increased to gtk_version[12], but
> that's not large enough if a GTK+ release is named e.g
> 2.2.cvs20030819.
So, let's make it 40 then, to be on the safe side.
> | It is acceptable to use snprintf instead, or isn't that portable
> | enough? (I'm not really intimate with C.) What could be used
> | instead, a larger string?
>
> What about using glib? If GTK+ is available then is glib available
> too. A updated patch using the glib function g_snprintf is included.
Makes sense.
Terje, did you sign copyright papers for Emacs? If so I'll apply your
patch in a few days if nobody objects.
Lute.
- Re: Let's tell we are using GTK+, (continued)
Re: Let's tell we are using GTK+, Lute Kamstra, 2003/08/04
- Re: Let's tell we are using GTK+, Terje Rosten, 2003/08/04
- Re: Let's tell we are using GTK+, Betoes, 2003/08/20
- Re: Let's tell we are using GTK+, Andreas Schwab, 2003/08/22
- Re: Let's tell we are using GTK+, Richard Stallman, 2003/08/23
- Re: Let's tell we are using GTK+, Lute Kamstra, 2003/08/24
Re: Let's tell we are using GTK+, Richard Stallman, 2003/08/22
Re: Let's tell we are using GTK+, Simon Josefsson, 2003/08/23
Re: Let's tell we are using GTK+, José Roberto B . de A . Monteiro, 2003/08/21
Re: Let's tell we are using GTK+, Betoes, 2003/08/22