Download
Browse source Changelog
Documentation
Project   Bug Bounty   Help us   Known bugs   TODO Protocols   CA bundle   HTTP Cookies   HTTP/2   SSL Certs Releases   Security   Version numbers   Vulnerabilities curl tool   man page   Tutorial   HTTP scripting Who and Why
libcurl
ABI API Competitors Examples Features Mailing list Related libs Using libcurl Tutorial Testimonials
Get Help
curl-library curl-users Mailing lists Book: Everything curl Video presentations Report a bug Paid support
Development
Autobuilds Code Style Contribute Deprecate Internals Release Notes Release Procedure Roadmap Run Tests Security Process Specifications Test curl
News
Changelog Release table
curl / Mailing Lists / curl-library / Single Mail
Buy commercial curl support from WolfSSL. We help you work out your issues, debug your libcurl applications, use the API, port to new platforms, add new features and more. With a team lead by the curl founder himself.

Re: dynbuf: PR #5300

From: Daniel Stenberg via curl-library <curl-library_at_cool.haxx.se>
Date: Thu, 30 Apr 2020 23:44:52 +0200 (CEST)

On Thu, 30 Apr 2020, David Chapman via curl-library wrote:

>> https://github.com/curl/curl/pull/5300
>
> Years ago I got tired of sprintf() buffer overflow problems and wrote my own
> version of sprintf(), passing in a function pointer block.  The first use
> was to reallocate sprintf() buffers on the fly; the second use was to
> sprintf() into C++ objects.

We basically have that already. The aprintf() implementation in curl returns
an allocated printf string, we also forbid the use of sprintf() and we have
our own snprintf() implementation.

Starting with this dynbuf PR, the aprintf() implementation is itself powered
by the new dynbuf functions.

> Naturally I think that dynbuf is a great idea.  Won't have time to review
> its code, unfortunately.

Thanks. The good part with replacing a lot of old functionality with these new
functions is that they get are so fundamental they will be used and tested
extensively by just running the test suite on all platforms. Not saying bugs
can't happen still of course... Also a reason I want to land this PR early on
in the release cycle.

I've also sprinkled the new functions with assert checks to attempt to detect
API abuse better and easier in debug builds. 

-- 
  / daniel.haxx.se | Commercial curl support up to 24x7 is available!
                   | Private help, bug fixes, support, ports, new features
                   | https://www.wolfssl.com/contact/

-------------------------------------------------------------------
Unsubscribe: https://cool.haxx.se/list/listinfo/curl-library
Etiquette: https://curl.haxx.se/mail/etiquette.html
Received on 2020-04-30