Ethereal-dev: [ethereal-dev] Should we put our "snprintf()" into Wiretap?

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Index Thread Index Other Months All Mailing Lists
Date Prev Date Next Thread Prev Thread Next
From: Guy Harris <gharris@xxxxxxxxxxxx>
Date: Sat, 19 Aug 2000 20:28:37 -0700
On Sat, Aug 19, 2000 at 01:31:27PM -0500, Laurent Deniel wrote:
> deniel      2000/08/19 13:31:25 CDT
> 
>   Modified files:
>     wiretap              wtap.c 
>   Log:
>   Fix buffer overflow on zlib uncompression errors.

It fixes the buffer overflow - but there's still no check for a buffer
overflow.

There are several possibilities here:

	1) Move Ethereal's "snprintf()" implementation to Wiretap, so
	   that Wiretap, as well as everything that uses it (which, at
	   least currently, includes Ethereal, Tethereal, and editcap),
	   can use "snprintf()";

	2) use "g_snprintf()" (I remember seeing something in the GTK+
	   mailing list that I *think* led me to think we might not want
	   to do that, similar to the "g_strcasecmp()" problem, but I
	   may be misremembering);

	3) use "g_strdup_printf()" and "g_strdup_vprintf()", which
	   allocates a big enough buffer for the message (this might be
	   expensive for stuff that's used a lot, but for error messages
	   it's probably good enough, as long as we can arrange that the
	   error message be "g_free()"d when we're done with it.

(BTW, GLib also supplies "g_strerror()" and "g_strsignal()", for mapping
errnos and signal numbers to names, and some other routines that might
be worth using.)