Web lists-archives.com

Re: [MPlayer-dev-eng] [PATCH] input.c: optimize mp_cmd list.




On Sat, Feb 13, 2016 at 11:25:07PM +0100, Ingo Brückl wrote:
> Reimar Döffinger wrote on Sat, 13 Feb 2016 23:12:32 +0100:
> 
> > Reduce its size and encode strings directly
> > to avoid relocations.
> 
> > -        mp_cmd->name = strdup("panscan");
> > +        strcpy(mp_cmd->name, "panscan");
> 
> > -  char* name;
> > +  char name[24];
> 
> Since nobody knows about the size of name, a secure string copy with length
> of name and null-termination would be preferable.

That is kind of the problem with the whole change,
however we do not really have untrusted input here,
and the normal avstrlcpy etc. would just silently
truncate.
What we'd really want is a strcpy that fails
to compile when the string does not fit.
Unfortunately I know of none such, and even
just compiletime asserts are a problem by
themselves.
_______________________________________________
MPlayer-dev-eng mailing list
MPlayer-dev-eng@xxxxxxxxxxxx
https://lists.mplayerhq.hu/mailman/listinfo/mplayer-dev-eng