From mboxrd@z Thu Jan 1 00:00:00 1970 Path: main.gmane.org!not-for-mail From: Lute Kamstra Newsgroups: gmane.emacs.devel Subject: Re: Let's tell we are using GTK+ Date: Tue, 19 Aug 2003 14:34:58 +0200 Organization: CWI, Amsterdam Sender: emacs-devel-bounces+emacs-devel=quimby.gnus.org@gnu.org Message-ID: References: NNTP-Posting-Host: deer.gmane.org Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Trace: sea.gmane.org 1061315012 2230 80.91.224.253 (19 Aug 2003 17:43:32 GMT) X-Complaints-To: usenet@sea.gmane.org NNTP-Posting-Date: Tue, 19 Aug 2003 17:43:32 +0000 (UTC) Cc: emacs-devel@gnu.org Original-X-From: emacs-devel-bounces+emacs-devel=quimby.gnus.org@gnu.org Tue Aug 19 19:43:31 2003 Return-path: Original-Received: from quimby.gnus.org ([80.91.224.244]) by deer.gmane.org with esmtp (Exim 3.35 #1 (Debian)) id 19pAW3-00078e-00 for ; Tue, 19 Aug 2003 19:43:31 +0200 Original-Received: from monty-python.gnu.org ([199.232.76.173]) by quimby.gnus.org with esmtp (Exim 3.12 #1 (Debian)) id 19pAYx-0000To-00 for ; Tue, 19 Aug 2003 19:46:31 +0200 Original-Received: from localhost ([127.0.0.1] helo=monty-python.gnu.org) by monty-python.gnu.org with esmtp (Exim 4.20) id 19p6XY-0004gS-NV for emacs-devel@quimby.gnus.org; Tue, 19 Aug 2003 09:28:48 -0400 Original-Received: from list by monty-python.gnu.org with tmda-scanned (Exim 4.20) id 19p6XQ-0004es-U5 for emacs-devel@gnu.org; Tue, 19 Aug 2003 09:28:40 -0400 Original-Received: from mail by monty-python.gnu.org with spam-scanned (Exim 4.20) id 19p6Wu-0004WB-D3 for emacs-devel@gnu.org; Tue, 19 Aug 2003 09:28:39 -0400 Original-Received: from [192.16.191.8] (helo=hera.cwi.nl) by monty-python.gnu.org with esmtp (Exim 4.20) id 19p5hZ-0007fi-Ci for emacs-devel@gnu.org; Tue, 19 Aug 2003 08:35:05 -0400 Original-Received: from occarina.pna.cwi.nl (occarina.pna.cwi.nl [192.16.184.200]) by hera.cwi.nl with ESMTP id OAA07353 for ; Tue, 19 Aug 2003 14:34:59 +0200 (MEST) Original-Received: (from lute@localhost) by occarina.pna.cwi.nl (8.12.8/8.12.5) id h7JCYwDN026357; Tue, 19 Aug 2003 14:34:59 +0200 X-Authentication-Warning: occarina.pna.cwi.nl: lute set sender to Lute.Kamstra@cwi.nl using -f Original-To: Terje Rosten In-Reply-To: (Terje Rosten's message of "Tue, 19 Aug 2003 12:46:33 +0200") User-Agent: Gnus/5.1003 (Gnus v5.10.3) Emacs/21.3.50 (gnu/linux) Original-Lines: 32 X-BeenThere: emacs-devel@gnu.org X-Mailman-Version: 2.1.2 Precedence: list List-Id: Emacs development discussions. List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: emacs-devel-bounces+emacs-devel=quimby.gnus.org@gnu.org Xref: main.gmane.org gmane.emacs.devel:16025 X-Report-Spam: http://spam.gmane.org/gmane.emacs.devel:16025 Terje Rosten writes: > * Lute Kamstra > | > | > + { > | > + char gtk_version[8]; > | > + sprintf (gtk_version, "%d.%d.%d", GTK_MAJOR_VERSION, GTK_MINOR_VERSION, > | > + GTK_MICRO_VERSION); > | > + Vgtk_version_string = build_string (gtk_version); > | > + } > | > | this seems vulnerable to a buffer overflow. > > That's right. In a updated patch I increased to gtk_version[12], but > that's not large enough if a GTK+ release is named e.g > 2.2.cvs20030819. So, let's make it 40 then, to be on the safe side. > | It is acceptable to use snprintf instead, or isn't that portable > | enough? (I'm not really intimate with C.) What could be used > | instead, a larger string? > > What about using glib? If GTK+ is available then is glib available > too. A updated patch using the glib function g_snprintf is included. Makes sense. Terje, did you sign copyright papers for Emacs? If so I'll apply your patch in a few days if nobody objects. Lute.