[PATCH v3 01/10] shell32/autocomplete: Fix a vulnerability by avoiding the use of snprintf

Gabriel Ivăncescu gabrielopcode at gmail.com
Mon Sep 10 06:48:02 CDT 2018


On Mon, Sep 10, 2018 at 11:05 AM, Huw Davies <huw at codeweavers.com> wrote:
>
> This inner loop to process %% is ugly.  Just do the processing of %s in this block.
> If you want to make sure you only do it once then set a flag.
>
Alright, I honestly think it's ok since it's a short block, but I'll
count the number of args then; I think it's a better approach than a
flag (even though in this case it's the same thing since only one %s
arg is allowed).

>
> Again, let's put spaces around binary operators (here the minus op) in
> new code.  This applies to other patches in this series too.
>
> However it would be nicer to have format_quick_complete return the length
> so that you can call EM_SETSEL with the correct length rather than an
> over-estimate.
>
Will do.

Note that I might miss some spaces between operators, especially in
future patches (I have quite a few patches lined up for AutoComplete
locally right now), but I hope that's not such a big deal even if I
miss the odd one; I'll try to put spaces where I find them though.
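The exchange above is about expanding a quick-complete format string without handing it to snprintf, allowing exactly one %s, treating %% as an escaped percent sign, and returning the resulting length so the caller can pass it to EM_SETSEL. The following is an added illustration of that approach, not Wine's code and not the patch under review; the function name format_quick_complete, its signature, its use of narrow char strings instead of WCHAR, and the -1 error convention are all assumptions made for the example.

```c
#include <stddef.h>
#include <string.h>

/* Count "%s" conversions in fmt, treating "%%" as an escaped percent
 * sign rather than the start of a conversion. */
static int count_s_args(const char *fmt)
{
    int n = 0;
    for (const char *p = fmt; *p; p++) {
        if (*p != '%') continue;
        if (p[1] == '%') { p++; continue; }   /* "%%": literal percent */
        if (p[1] == 's') { n++; p++; }        /* "%s": the one allowed arg */
    }
    return n;
}

/* Hypothetical expansion of a quick-complete format (example only, not
 * Wine's implementation). The single "%s" is replaced by text, "%%"
 * becomes "%", and any other "%x" sequence is copied through literally,
 * so a caller-supplied format can never reach a printf-style engine.
 * Returns the number of bytes written (excluding the terminating NUL),
 * or -1 if fmt contains more than one "%s" or the result does not fit
 * in dst_size bytes. The returned length is what a caller would pass to
 * EM_SETSEL instead of an over-estimate. */
int format_quick_complete(char *dst, size_t dst_size,
                          const char *fmt, const char *text)
{
    size_t out = 0, text_len = strlen(text);

    if (dst_size == 0 || count_s_args(fmt) > 1)
        return -1;

    for (const char *p = fmt; *p; p++) {
        if (*p == '%' && p[1] == '%') {
            if (out + 1 >= dst_size) return -1;   /* keep room for NUL */
            dst[out++] = '%';
            p++;
        } else if (*p == '%' && p[1] == 's') {
            if (out + text_len >= dst_size) return -1;
            memcpy(dst + out, text, text_len);
            out += text_len;
            p++;
        } else {
            if (out + 1 >= dst_size) return -1;
            dst[out++] = *p;
        }
    }
    dst[out] = '\0';
    return (int)out;
}
```

Because "%n" and friends are copied through as plain characters, a format such as "%n%s" expands to "%n" followed by the text; the bounds checks reserve one byte for the terminator on every write so the destination is always NUL-terminated on success.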
