Mercurial > dovecot > core-2.2
view src/lib/printf-format-fix.h @ 21322:5ab8dc1a4a6f
global: Change string position/length from unsigned int to size_t
Mainly to avoid truncating >4GB strings, which might potentially cause
some security holes. Normally there are other limits, which prevent such
excessive strings from being created in the first place.
I'm sure this didn't find everything. Maybe everything could be found with
compiler warnings. -Wconversion kind of does it, but it gives way too many
unnecessary warnings.
These were mainly found with:
grep " = strlen"
egrep "unsigned int.*(size|len)"
| author | Timo Sirainen <timo.sirainen@dovecot.fi> |
|---|---|
| date | Mon, 12 Dec 2016 07:19:55 +0200 |
| parents | 6a64e64fa3a3 |
| children |
line wrap: on
line source
#ifndef PRINTF_FORMAT_FIX_H #define PRINTF_FORMAT_FIX_H /* Replaces %m in format with strerror(errno) and panics if %n modifier is used. If the format string was modified, it's returned from data stack. */ const char *printf_format_fix(const char *format) ATTR_FORMAT_ARG(1); /* Like printf_format_fix(), except return also the format string's length. */ const char *printf_format_fix_get_len(const char *format, size_t *len_r) ATTR_FORMAT_ARG(1); /* Like printf_format_fix(), except the format string is written to data stack without actually allocating it. Data stack must not be used until format string is no longer needed. */ const char *printf_format_fix_unsafe(const char *format) ATTR_FORMAT_ARG(1); #endif