| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 7 Mar 2012 21:58:27 -0300 From: Arnaldo Carvalho de Melo <acme@...hat.com> To: Peter Seebach <peter.seebach@...driver.com> Cc: Ingo Molnar <mingo@...e.hu>, Anton Blanchard <anton@...ba.org>, paulus@...ba.org, peterz@...radead.org, dsahern@...il.com, fweisbec@...il.com, yanmin_zhang@...ux.intel.com, emunson@...bm.net, linux-kernel@...r.kernel.org Subject: Re: [PATCH] perf: Incorrect use of snprintf results in SEGV Em Wed, Mar 07, 2012 at 03:19:51PM -0600, Peter Seebach escreveu: > On Wed, 7 Mar 2012 21:37:25 +0100 Ingo Molnar <mingo@...e.hu> wrote: > > We *DONT* want to make APIs more fragile just to accomodate a > > rare, esoteric usecase! > > I would view snprintf as an API which already exists. If it's the > wrong API, by all means, write a different one -- but I would suggest > not using the same name for it. If a function is going to be called > snprintf, IMO it should have the semantics of snprintf. If those are > the wrong semantics (and they may well be), then I would say use a > function which has the right semantics, and isn't named snprintf. Right, its more a case of: Don't assume people do things you think are reasonable, read carefully and follow the instructions. At least it is not as long as other EULAs, it is much, much shorter, but managed to be just as non intuitive. - Arnaldo -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists