[2918] in bugtraq
at the risk of another flamefest..
daemon@ATHENA.MIT.EDU (*Hobbit*)
Mon Jul 15 13:12:09 1996
Date: Mon, 15 Jul 1996 00:36:49 -0400
Reply-To: Bugtraq List <BUGTRAQ@NETSPACE.ORG>
From: *Hobbit* <hobbit@avian.org>
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@NETSPACE.ORG>
This one triggered my "old classic" filter. Your patch has
- char buf[256];
+ char *buf=alloca(strlen(name)+50);
and five lines later, the original code fragment
for (cp = name; *cp; )
n += *cp++;
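Review bot: On the `+` line, strlen(name) scans until it meets a zero byte, the same unbounded walk as the `for (cp = name; *cp; )` loop, and nothing in the lines shown limits how long name may be. That length then sizes an alloca(), which has no failure return, so an oversized name becomes stack exhaustion rather than an error. Suggest passing in the maximum length of name, rejecting anything longer before allocating, and bounding the summing loop by that same length; the +50 also needs a comment saying what it reserves room for.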
Is this a family of mistakes that male programmers constantly make?? It
doesn't matter how big your buffer is, it's how you USE it -- i.e. how you
limit what can be stuffed INTO it. Essentially unbounded processing of this
sort over areas that may not necessarily be conveniently zero-filled or
pre-terminated for you is one reason we have so many of these BUGS...
Maintaining perspective,
_H*
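
The point made in the message above, as an added example that is not part of the original post or of the patched program: the summing loop and a fixed-buffer copy driven by a checked length instead of by the first zero byte found. The function names, the avail parameter and the 255-byte limit are assumptions made for illustration.

```c
#include <stddef.h>
#include <string.h>

#define NAME_MAX_LEN 255   /* assumed policy limit, not from the original code */

/* Length of name if a NUL occurs within the first `avail` bytes and the
 * string fits the policy limit; -1 otherwise. Never reads past `avail`. */
static long bounded_name_len(const char *name, size_t avail)
{
    const char *nul;
    if (name == NULL || avail == 0)
        return -1;
    nul = memchr(name, '\0', avail);
    if (nul == NULL || (size_t)(nul - name) > NAME_MAX_LEN)
        return -1;                 /* unterminated or over the limit */
    return (long)(nul - name);
}

/* The summing loop from the post, bounded by the checked length.
 * Bytes are summed as unsigned char. Returns 0 on success, -1 on reject. */
int name_sum(const char *name, size_t avail, unsigned *sum)
{
    unsigned n = 0;
    long i, len = bounded_name_len(name, avail);
    if (len < 0 || sum == NULL)
        return -1;
    for (i = 0; i < len; i++)
        n += (unsigned char)name[i];
    *sum = n;
    return 0;
}

/* Copy into a fixed buffer, refusing (not truncating) input that does not fit. */
int name_copy(char *dst, size_t dstsz, const char *name, size_t avail)
{
    long len = bounded_name_len(name, avail);
    if (len < 0 || dst == NULL || (size_t)len >= dstsz)
        return -1;
    memcpy(dst, name, (size_t)len + 1);   /* +1 copies the terminator */
    return 0;
}

int main(void)
{
    char raw[4] = { 'a', 'b', 'c', 'd' };  /* constructed input: no terminator */
    unsigned s = 0;
    return name_sum(raw, sizeof raw, &s) == -1 ? 0 : 1;
}
```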