Author: Hendrik Boom Date: To: dng Subject: Re: [DNG] Systemd Shims
On Fri, Aug 21, 2015 at 12:51:55PM +0100, Rainer Weikusat wrote:
>
> That's going to work with this particular problem which you incorrectly
> (the original path wasn't a macro) reduced to appending a string of
> unknown length to a constant string. Taking this into account, a
> solution without snprintf would become something like
>
> #define PATH "/tmp/"
>
> char *p;
>
> p = alloca(sizeof(PATH) + strlen(argv[1]));
Should that be
    p = alloca(sizeof(PATH) + strlen(argv[1]) + 1);
> sprintf(p, "%s%s", PATH, argv[1]);
so there's space for the terminating '\0'?
Or am I missing something obvious (as I did last time I tried fixing
some posted code)?
>
> or putting this into other terms: The snprintf buys you exactly
> nothing. And you could have used asprintf to begin with. This would even
> address what was considered to be the issue, namely, that memory
> management and memory use are separate functions and that the
> correctness of the latter depends on the correctness of the former via
> implicit semantic constraints a compiler cannot check, something the
> snprintf-code exhibits as well as it is still composed of the three
> steps
>
> 1. Calculate the required length based on the input data.
> 2. Allocate a buffer of a sufficient size.
> 3. Copy the input data into this buffer.
>
> Just in a somewhat less obvious way.
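
The three steps listed in the quoted message, as an added C example that is not part of the original thread: the required size is computed once with sizeof and strlen and once by letting snprintf measure, then the buffer is allocated and filled. The helper names and the sample file name are assumptions, and malloc stands in for alloca so the buffer can be returned and the allocation checked.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define PATH "/tmp/"

/* Step 1, variant A: sizeof on a string literal counts its terminating
 * '\0', so sizeof(PATH) is 6 for the five characters of "/tmp/". */
static size_t path_size_sizeof(const char *name)
{
    return sizeof(PATH) + strlen(name);
}

/* Step 1, variant B: snprintf with a zero-size buffer returns the number
 * of characters it would write, not counting the terminating '\0'. */
static size_t path_size_snprintf(const char *name)
{
    int n = snprintf(NULL, 0, "%s%s", PATH, name);
    return n < 0 ? 0 : (size_t)n + 1;
}

/* Steps 2 and 3: allocate, then copy. The snprintf return value is used
 * as a runtime check that step 1 and step 3 agree on the length.
 * Returns NULL on failure; the caller frees the result. */
static char *make_path(const char *name)
{
    size_t size = path_size_sizeof(name);
    char *p = malloc(size);
    if (p == NULL)
        return NULL;
    int n = snprintf(p, size, "%s%s", PATH, name);
    if (n < 0 || (size_t)n >= size) {   /* would have been truncated */
        free(p);
        return NULL;
    }
    return p;
}

int main(void)
{
    const char *name = "example.sock";  /* constructed sample input */
    char *p = make_path(name);
    if (p == NULL)
        return 1;
    printf("%s needs %zu bytes (sizeof) / %zu bytes (snprintf)\n",
           p, path_size_sizeof(name), path_size_snprintf(name));
    free(p);
    return 0;
}
```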