<html>
<head>
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
Some comments for patch #1, I chose the non-secure versions because
they are faster and produce smaller binary. The functions where
these printings are performed can't in my opinion ever exceed the
safety margin of 32 KB. They print short help and error texts and
occasionally filename, which with APIs is restricted to 260
characters. And you can't feed it longer faulty names either because
maximum command line length is much shorter than 32 KB.<br>
<br>
Patch #2 is good. I was apparently not thinking when writing that.<br>
<br>
The break that patch #3 removes is there for a reason. If there is
an error in string conversion there's no point in continuing the
operation. All conversions are discarded if something failed so not
exiting from the loop is wasted effort.<br>
<br>
<div class="moz-cite-prefix">On 8.8.2014 18:18, lvqcl wrote:<br>
</div>
<blockquote cite="mid:op.xj94sbwicba0by@userhome-pc" type="cite">For
better readability the patch is divided by 3 parts.
<br>
<br>
Part #1: for a bit better security replace
<br>
vsprintf(utmp, format, argptr)
<br>
with
<br>
vsnprintf_s(utmp, 32768, _TRUNCATE, format, argptr)
<br>
<br>
<br>
Part #2: potential memleak fixed: utf8argv[i] are not freed
<br>
when utf8argv itself is freed.
<br>
<br>
<br>
Part #3: 'if (ret != 0) break;' line seems redundant.<br>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
flac-dev mailing list
<a class="moz-txt-link-abbreviated" href="mailto:flac-dev@xiph.org">flac-dev@xiph.org</a>
<a class="moz-txt-link-freetext" href="http://lists.xiph.org/mailman/listinfo/flac-dev">http://lists.xiph.org/mailman/listinfo/flac-dev</a>
</pre>
</blockquote>
<br>
</body>
</html>