Re: [dev] Re: [st] [PATCH] Avoid buffer overflows in the case of key-mapped strings.

From: koneu <koneu93_AT_googlemail.com>
Date: Thu, 10 Oct 2013 22:25:26 +0200

Hi.

There is a compile time boundary
check on the number of tags in dwm.
Still, considering sl software is targeted at elite users
it's not necessary IMO.

~k

Christoph Lohmann <20h_AT_r-36.net> wrote:
>Greetings.
>
>On Thu, 10 Oct 2013 21:06:33 +0200 sin <sin_AT_2f30.org> wrote:
>> On Thu, Oct 10, 2013 at 08:56:05PM +0200, Roberto E. Vargas Caballero
>wrote:
>> > > It's runtime segfault (that may be rare and hard to catch) that
>is
>> > > worth exactly one additional check.
>> >
>> > Ok, we don't agree about this topic, so I would like listen the
>opinion
>> > of other suckless developers in order to take a decision.
>>
>> I agree with Roberto here, if a user makes a mistake in the
>configuration
>> and the program segfaults it is the user's responsibility.
>>
>> I do not think it is hard to catch, all it takes is to diff your
>config
>> against a known working copy (the default one for example).
>
>There are no users in suckless. There are only developers. Users have
>to
>use gnome. So knowing array boundaries and pointers is a must. If
>you
>would design config.h for end users, well you are already lost with
>the
>task. It’s impossible.
>
>For the special case: What’s the sense in sending a NULL string on
>a
>shortcut? You are supposed to get a strange error you can only solve
>by
>thinking when you do that. Roberto is right on this. Will we do
>boundary
>checks on the other variables too?
>
>
>Sincerely,
>
>Christoph Lohmann
Received on Thu Oct 10 2013 - 22:25:26 CEST