logs archiveBotHelp.net / Freenode / #2f30 / 2015 / July / 17 / 15
k0ga
it is incredible
FRIGN
yeah, I know!
Evil_Bob
lol thanks, but to be fair im also compiling with -Wall on OpenBSD ;)
k0ga
I think he is going to be funny with my code, because I'm pretty sure he is going to find millions of them
Evil_Bob
and im kinda OCD ;)
FRIGN
Evil_Bob: You even smashed the almost perfect sbase :D
k0ga
FRIGN: I prefer the ml at least now, because ppl will see that there is movement
Evil_Bob
FRIGN: lol
k0ga: is it ok to change some sprintf to the safer snprintf and maybe strcpy to strlcpy or snprintf ?
FRIGN
Evil_Bob: I'd always use it tbh
even if it's "trivial"
better include it, in case the code is changed later
Evil_Bob
FRIGN: yea
k0ga
This is horribly inefficient BSD crap.
xD
FRIGN
k0ga: fu*k off
k0ga
hahahahaha
it was a joke
I think in this case they are not needed, or not?
FRIGN
k0ga: always use them
Evil_Bob
k0ga: yea i think it is safe, but for example at http://git.suckless.org/scc/tree/cc1/cpp.c#n356
FRIGN
Evil_Bob: hmmmmmmm
Evil_Bob
it's better to do: if (strlcpy(file, input->begin, sizeof(file)) >= sizeof(file))
FRIGN
Evil_Bob: totally agreed
!!!
Evil_Bob
or snprintf(..., sizeof(file)) and check for >= sizeof(file) and -1
FRIGN
hehe
nah, use strlcat
*strlcpy
that's the proper way to do it
Evil_Bob
strlcpy isnt inefficient, shouldnt be a difference
FRIGN
if (strlcpy(...) >= sizeof(file))
goto too_long
hueheuhe, that's what she said
hueheu
Evil_Bob
huehuehue :)
yea i prefer strlcpy, it should be added for compatibility then
FRIGN
yes
never do unchecked stuff like this
you never know if there might be a timing issue or sth
between the check and the strcpy
maybe a cosmic ray just hits your memory at the right spot and removes the 0-terminator
then you're fu*ked :P
Evil_Bob
lool
and at the moment there are 2 checks, when you change the size of the buffer but forget to change the check, you're fu*ked too
i mean, not 2 checks, but 2 places you need to change
FRIGN
yes
is the patch already in process?
Evil_Bob
yea
FRIGN
good
for entire scc?
Evil_Bob
you can do it too if you want
FRIGN
nah
gotta study :/
Evil_Bob
aw ok, math?
FRIGN
yeah :D
k0ga
Evil_Bob: why it is better?
(I know there is a buffer overflow in line 218)
FRIGN
k0ga: you mean the strlcat >= ... ?
k0ga
Evil_Bob: The main problem I can see with strlcpy and friends is they are using a private namespace, that they should not be used
FRIGN: the memcpy
FRIGN
k0ga: dude, don't worry about strlcpy
k0ga
in cpp.c
FRIGN
premature optimization is the death of all software
strlcpy is not slower than strcpy
your program will spend 100 times more time on IO and other things
don't be ridiculous!
:P
k0ga
I do a macro expansion and I substitute the macro definition with the expansion
FRIGN
w/e :P
k0ga
but I don't check if it fits in the current line
FRIGN: I don't worry about speed at all (now)
Evil_Bob
k0ga: it is better practice to use strlcpy and less easy to mess up (only 1 place to do the check)
k0ga
this is an example of even with limit checking functions you can have buffer overflows
I think it is the same because you have to check the return value, so I don't see the point
FRIGN
k0ga: duude
What's your problem? :P
In sbase, we have estrlcat
of course, not applicable here
but we do the same there
It's a "best practice" emerged over the years
k0ga
well, another example of best practices are design patterns and object oriented programming xD
__20h__: what do you think?
FRIGN
k0ga: no, it's just part of the braindead C-dialect we have here :P
k0ga
hahahahahhaha
FRIGN
k0ga: http://git.suckless.org/sbase/tree/libutil/strlcpy.c#n50
k0ga
I usually don't like religion positions
Evil_Bob
FRIGN: fu*king GNU man, if strlcpy was part of the standard libc on Linux everyone would use it :|
FRIGN
Evil_Bob: yeah, sad thing
why exactly did they not include it?
Evil_Bob
k0ga: its not religious, its practical
k0ga
Evil_Bob: yes, like all the people use gnu sh*t extensions
kori
is strlcpy and strlcat in musl?
FRIGN: uhhhhh licensing I believe
FRIGN
kori: it is in musl
if you define BSD_SOURCE
Evil_Bob
kori: http://git.musl-libc.org/cgit/musl/tree/src/string/strlcpy.c
FRIGN
kori: it's not licensing
it was a political thing iirc
kori
COOL COOL