From 6462fa8be51c304d9273ca6943b49f44616455a7 Mon Sep 17 00:00:00 2001 From: Paul Eggert Date: Fri, 17 Sep 2021 12:24:31 -0700 Subject: =?UTF-8?q?Don=E2=80=99t=20overallocate=20rtapelib=20sprintf=20buf?= =?UTF-8?q?fers?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * lib/rtapelib.c (rmt_lseek__, rmt_ioctl__): Don’t promote arguments of INT_STRLEN_BOUND, as that might over-allocate the resulting buffers. This is not an efficiency problem because any overallocations are tiny. However, it is confusing (to me, at least) to have code that unnecessarily overallocates, as that makes it harder to reason about integer or buffer overflow. --- lib/rtapelib.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/lib/rtapelib.c b/lib/rtapelib.c index 1ff2eb6..d7b8b36 100644 --- a/lib/rtapelib.c +++ b/lib/rtapelib.c @@ -657,7 +657,7 @@ rmt_write__ (int handle, char *buffer, size_t length) off_t rmt_lseek__ (int handle, off_t offset, int whence) { - char command_buffer[sizeof "L\n0\n" + INT_STRLEN_BOUND (+offset)]; + char command_buffer[sizeof "L\n0\n" + INT_STRLEN_BOUND (offset)]; switch (whence) { @@ -691,8 +691,8 @@ rmt_ioctl__ (int handle, unsigned long int operation, void *argument) case MTIOCTOP: { struct mtop *mtop = argument; - enum { oplen = INT_STRLEN_BOUND (+mtop->mt_op) }; - enum { countlen = INT_STRLEN_BOUND (+mtop->mt_count) }; + enum { oplen = INT_STRLEN_BOUND (mtop->mt_op) }; + enum { countlen = INT_STRLEN_BOUND (mtop->mt_count) }; char command_buffer[sizeof "I\n\n" + oplen + countlen]; /* MTIOCTOP is the easy one. Nothing is transferred in binary. */ -- cgit v1.2.1