Re: [PATCH 01/12] ui/console-vc: Replace sprintf() by g_strdup

qemu-arm

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH 01/12] ui/console-vc: Replace sprintf() by g_strdup_printf()

From:	Philippe Mathieu-Daudé
Subject:	Re: [PATCH 01/12] ui/console-vc: Replace sprintf() by g_strdup_printf()
Date:	Thu, 11 Apr 2024 11:36:10 +0200
User-agent:	Mozilla Thunderbird

On 11/4/24 09:47, Gerd Hoffmann wrote:

Hi,

     Due to security concerns inherent in the design of sprintf(3),
     it is highly recommended that you use snprintf(3) instead.

-    char response[40];
+    g_autofree char *response = NULL;

-                    sprintf(response, "\033[%d;%dR",
+                    response = g_strdup_printf("\033[%d;%dR",


Any specific reason why you don't go with the recommendation above?

While using g_strdup_printf() isn't wrong it allocates memory which
is not needed here because you can continue to use the stack buffer
this way:

        snprintf(response, sizeof(response), ...);


I thought GLib/GString was recommended for formatting, so choose
this thinking mostly about style. Indeed in this case snprintf()
is sufficient. I'll respin, thanks.


take care,
   Gerd

[Prev in Thread]

Current Thread

[Next in Thread]

[PATCH 00/12] misc: Remove sprintf() due to macOS deprecation, Philippe Mathieu-Daudé, 2024/04/10
- [PATCH 02/12] hw/vfio/pci: Replace sprintf() by g_strdup_printf(), Philippe Mathieu-Daudé, 2024/04/10
  - Re: [PATCH 02/12] hw/vfio/pci: Replace sprintf() by g_strdup_printf(), Alex Williamson, 2024/04/12
    - Re: [PATCH 02/12] hw/vfio/pci: Replace sprintf() by g_strdup_printf(), Cédric Le Goater, 2024/04/15
- [PATCH 01/12] ui/console-vc: Replace sprintf() by g_strdup_printf(), Philippe Mathieu-Daudé, 2024/04/10
  - Re: [PATCH 01/12] ui/console-vc: Replace sprintf() by g_strdup_printf(), Marc-André Lureau, 2024/04/11
  - Re: [PATCH 01/12] ui/console-vc: Replace sprintf() by g_strdup_printf(), Gerd Hoffmann, 2024/04/11
    - Re: [PATCH 01/12] ui/console-vc: Replace sprintf() by g_strdup_printf(), Philippe Mathieu-Daudé <=
    - Re: [PATCH 01/12] ui/console-vc: Replace sprintf() by g_strdup_printf(), Gerd Hoffmann, 2024/04/11
- [PATCH 05/12] system/qtest: Replace sprintf() by g_string_append_printf(), Philippe Mathieu-Daudé, 2024/04/10
  - Re: [PATCH 05/12] system/qtest: Replace sprintf() by g_string_append_printf(), Thomas Huth, 2024/04/11
- [PATCH 03/12] hw/ppc/spapr: Replace sprintf() by g_strdup_printf(), Philippe Mathieu-Daudé, 2024/04/10
- [PATCH 04/12] hw/mips/malta: Replace sprintf() by g_string_append_printf(), Philippe Mathieu-Daudé, 2024/04/10
- [PATCH 06/12] util/hexdump: Rename @offset argument in qemu_hexdump_line(), Philippe Mathieu-Daudé, 2024/04/10
- [PATCH 07/12] util/hexdump: Have qemu_hexdump_line() return heap allocated buffer, Philippe Mathieu-Daudé, 2024/04/10
- [PATCH 08/12] util/hexdump: Replace sprintf() by g_string_append_printf(), Philippe Mathieu-Daudé, 2024/04/10
- [PATCH 12/12] backends/tpm: Use qemu_hexdump_line() to avoid sprintf(), Philippe Mathieu-Daudé, 2024/04/10
  - Re: [PATCH 12/12] backends/tpm: Use qemu_hexdump_line() to avoid sprintf(), Stefan Berger, 2024/04/10

Prev by Date: Re: [PATCH 01/12] ui/console-vc: Replace sprintf() by g_strdup_printf()
Next by Date: Re: [PATCH 00/12] misc: Remove sprintf() due to macOS deprecation
Previous by thread: Re: [PATCH 01/12] ui/console-vc: Replace sprintf() by g_strdup_printf()
Next by thread: Re: [PATCH 01/12] ui/console-vc: Replace sprintf() by g_strdup_printf()
Index(es):
- Date
- Thread