Ethereal-dev: [Ethereal-dev] Re: rev 15660: /trunk/plugins/asn1/: packet-asn1.c /trunk/epan/:

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Index Thread Index Other Months All Mailing Lists
Date Prev Date Next Thread Prev Thread Next
From: ronnie sahlberg <ronniesahlberg@xxxxxxxxx>
Date: Fri, 2 Sep 2005 05:44:20 -0400
On 9/2/05, Ulf Lamping <ulf.lamping@xxxxxx> wrote:
> ronnie sahlberg wrote:
> >and then all GString and g_string_...
> >and standardize on g_snprintf() for this phase.
> >  
> >
> Which might be a bad idea, the way you've done it IMHO (at least at the 
> place I've mentioned). You've reduced the risk of memory leaks but 
> raised the risk of security problems.
> 
> The GString has the main advantage of being security safe (at least if 
> used correct, but it's easy to do so) and the main disadvantage of 
> probable memory leaks.

My rationale for removing the GStrings:

I do not doubt that GStrings are safe and good.
However, there are currently only two dissectors in all of
epan/dissectors that use them : armagetronad and bgp (and i have
removed them already from a couple of others).
So rarely used so their goodness does not really have any practical
impact on ethereal and stability.
(If we use them we should use them for all dissectors).

So i think the GString usage is so rare it currently provides no
practical benefit if we keep them or not.

Not keeping them would mean there would be one less dependency on
glib. And removing them is such insignificant work in scope of the
full auditing that has to be done anyway,   so why not get rid of them
and lessen the dependency on glib?


I think it would be kind of neat if we could get rid of the glib
dependency altogether some time in the future.