[Announce] GnuPG 1.4 and 2.0 buffer overflow
Werner Koch
wk at gnupg.org
Wed Nov 29 15:28:13 CET 2006
On Wed, 29 Nov 2006 11:52, christianbiere at gmx.de said:
> similar to asprintf() that takes no format string but simply a variable number of string arguments
Well in that concrete case that would be a good idea. However the
sentinel attribute is only available since gcc 4 and in the past it
was common to miss the terminating NULL in the arg list ;-)
In general such a function will not help as it gets into the way when
doing i18n.
> Also, asprintf() returns an int instead of size_t. Yet another library function broken by design.
This is perfectly reasonable. How would you return an error code
with size_t?
Salam-Shalom,
Werner
More information about the Gnupg-devel
mailing list