How reasonable is it to try to replace > 600 calls to a couple of functions that are potentially dangerous (maybe 1% of them are in practice) by calls to their safe versions...
=> More informations about this toot | More toots from EvenRouault@mastodon.social
@EvenRouault how big/bad is the danger?
=> More informations about this toot | More toots from jjimenezshaw@mapstodon.space
@jjimenezshaw Read heap-buffer-overflow (maybe write too?), so potentially security sensitive. That kind of thing: https://github.com/OSGeo/gdal/pull/11638
=> More informations about this toot | More toots from EvenRouault@mastodon.social
@EvenRouault 😕 it doesn't look good.
And somebody will complain sooner or later.
I hate the black magic manipulating char* variables. It performs better, I know (how much is another discussion). But playing with magic is dangerous.
=> More informations about this toot | More toots from jjimenezshaw@mapstodon.space
@EvenRouault is your PR enough to fix it?
=> More informations about this toot | More toots from jjimenezshaw@mapstodon.space
@jjimenezshaw No, that's just the appetizer of the appetizer (https://github.com/OSGeo/gdal/pull/11639). The latter covering maybe 20% of the changes to fix everything...? RFC in progress...
=> More informations about this toot | More toots from EvenRouault@mastodon.social
@EvenRouault So it's only 6 to replace, sounds easy!
=> More informations about this toot | More toots from implgeo@mapstodon.space
@implgeo Yes, thanks for volunteering to help do the replacement in the whole code base 😜
=> More informations about this toot | More toots from EvenRouault@mastodon.social
@EvenRouault @implgeo sounds like an easy sed job 😁
=> More informations about this toot | More toots from ianturton@fosstodon.org