Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Use length-bounded string/memory functions #7709

Open
wants to merge 18 commits into
base: master
Choose a base branch
from
Open

Use length-bounded string/memory functions #7709

wants to merge 18 commits into from
+88 −108

Conversation

rubiefawn
Copy link
Contributor

@rubiefawn rubiefawn commented Feb 14, 2025
edited
Loading

Resolves #3949 by replacing all calls to sprintf() and strcpy() in first-party code (read: not in a git submodule or src/3rdparty) with calls to snprintf() or some other reasonable alternative, depending on context.

This does not resolve the memory management issue raised in this comment.

@rubiefawn
Prefer snprintf() over sprintf()
031a70e 
This replaces all calls to sprintf() in first-party code with calls to
snprintf() or some other reasonable alternative.
@rubiefawn
Simplify snprintf call
fed2232 
Remove bitmask, since the format specifier already restricts the output
to 2 characters per byte
@rubiefawn
Use the correct variable name lol
4df9e17 
I used a different name in my test code to make sure my method was
working properly and forgot to change the name back. Fixed!
@sakertooth
Copy link
Contributor

I'd be reluctant to change anything in MidiImport/portsmf. This seems to be a third party library that wasn't pulled into as a Git submodule for some reason.

sakertooth
sakertooth approved these changes Mar 7, 2025
View reviewed changes
Copy link
Contributor

@sakertooth sakertooth left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good, just had a few thoughts/questions.

@rubiefawn rubiefawn changed the title Prefer snprintf() over sprintf() Use length-bounded string/memory functions Mar 7, 2025
rubiefawn added 5 commits March 7, 2025 12:08
@rubiefawn
Simplify string whitespace trimming
ee46963
@rubiefawn
Another small memcpy fix
b5fedeb 
len could be < size
@rubiefawn
Oops len isn't local
17b2787
@rubiefawn
Oops, copy null terminator too
6b308b6
@rubiefawn
Explicity reserve space for null terminators
722c457 
This is done by a) explicitly initializing buffers to 0, and b) providing snprintf() with one less than the buffer size, so that the last remaining element will always retain its initial value (which is 0)
sakertooth
sakertooth reviewed Mar 8, 2025
View reviewed changes
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@tresf tresf tresf left review comments

@sakertooth sakertooth sakertooth approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Audit/replace use of sprintf() and friends...
3 participants
@rubiefawn @sakertooth @tresf