[Xapian-devel] [Xapian-commits] 10413: trunk/xapian-maintainer-tools/win32msvc/makedepend/
Richard Boulton
richard at lemurconsulting.com
Wed Apr 30 12:13:46 BST 2008
Olly Betts wrote:
> Unless I'm missing some subtlety, it just redefines BUFSIZ in an attempt
> to make a buffer overflow less likely. But that doesn't really address
> the problem, does it? It just means that you need to set a longer
> include path to trigger it. At the very minimum we really should do two
> things as well as increasing the size of the buffer:
>
> (a) Use a different define to BUFSIZ, which has a meaning in ISO C.
> It's bad to just redefine it.
>
> (b) Actually check that the buffer doesn't overflow by checking
> against its fixed size before copying/appending to it.
I've just committed fixes from Charlie for both of these.
--
Richard
More information about the Xapian-devel
mailing list