Re: [dev] Re: [st] [PATCH] Avoid buffer overflows in the case of key-mapped strings.

From: Christoph Lohmann <20h_AT_r-36.net>
Date: Thu, 10 Oct 2013 21:06:33 +0200

Greetings.

On Thu, 10 Oct 2013 21:06:33 +0200 sin <sin_AT_2f30.org> wrote:
> On Thu, Oct 10, 2013 at 08:56:05PM +0200, Roberto E. Vargas Caballero wrote:
> > > It's runtime segfault (that may be rare and hard to catch) that is
> > > worth exactly one additional check.
> >
> > Ok, we don't agree about this topic, so I would like listen the opinion
> > of other suckless developers in order to take a decision.
>
> I agree with Roberto here, if a user makes a mistake in the configuration
> and the program segfaults it is the user's responsibility.
>
> I do not think it is hard to catch, all it takes is to diff your config
> against a known working copy (the default one for example).

There are no users in suckless. There are only developers. Users have to
use gnome. So knowing array boundaries and pointers is a must. If you
would design config.h for end users, well you are already lost with the
task. It’s impossible.

For the special case: What’s the sense in sending a NULL string on a
shortcut? You are supposed to get a strange error you can only solve by
thinking when you do that. Roberto is right on this. Will we do boundary
checks on the other variables too?


Sincerely,

Christoph Lohmann
Received on Thu Oct 10 2013 - 21:06:33 CEST