Closed Bug 514134 Opened 15 years ago Closed 11 years ago

usage of sprintf in Address book code

Categories

(MailNews Core :: Address Book, defect)

Product:
MailNews Core
Component:
Address Book
Version:
1.9.1 Branch
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED FIXED
Milestone:
Thunderbird 22.0

People

(Reporter: Usul, Assigned: aceman)

References

(
URL
)

Details

Attachments

(1 file)

patch
1.10 KB, patch
jcranmer
: review+
neil
: feedback+
Details | Diff | Splinter Review 
> http://mxr.mozilla.org/comm-central/source/mailnews/addrbook/src/nsVCardObj.cpp#1116

Now we have 64-bits being written to a 16-byte buffer. Since 2^64 - 1 takes up
21 characters including \0 this is not safe.

It might be a good idea to change the ValueItem union to using PRUint32 and
PRUint64 instead of unsigned int and unsigned long.
Flags: wanted-thunderbird3?
Flags: wanted-thunderbird3?
The line number of nsVCardObj is probably not right today. Can you update which line/function you meant?
Assignee: nobody → acelists
(In reply to :aceman from comment #1)
> The line number of nsVCardObj is probably not right today. Can you update
> which line/function you meant?

I've cced you because I could find some sprintf in the file(In reply to Ludovic Hirlimann [:Usul] from comment #0)
> > http://mxr.mozilla.org/comm-central/source/mailnews/addrbook/src/nsVCardObj.cpp#1116
> 
> Now we have 64-bits being written to a 16-byte buffer. Since 2^64 - 1 takes
> up
> 21 characters including \0 this is not safe.
> 
> It might be a good idea to change the ValueItem union to using PRUint32 and
> PRUint64 instead of unsigned int and unsigned long.

And cant' find that anymore - should have looked more before ccing sorry for the noise.
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → WORKSFORME
There are still some but above the line you originally posted.
http://mxr.mozilla.org/comm-central/source/mailnews/addrbook/src/nsVCardObj.cpp#1077

I just wanted to be sure if those are those that you meant. As they are 16 byte as described.
Status: RESOLVED → REOPENED
Resolution: WORKSFORME → ---
Attached patch patchSplinter Review 

        Attachment #725871 -
        Flags: review?(mconley)

        Attachment #725871 -
        Flags: feedback?(neil)

    
  
Status: REOPENED → ASSIGNED

    
  

        Attachment #725871 -
        Flags: feedback?(neil) → feedback+

    
    

    
  
Comment on attachment 725871 [details] [diff] [review]
patch

I'm not even sure what's happening here. Joshua, can you take a quick look at this?

        Attachment #725871 -
        Flags: review?(mconley) → review?(Pidgeot18)

    
    

    
  
Comment on attachment 725871 [details] [diff] [review]
patch

Review of attachment 725871 [details] [diff] [review]:
-----------------------------------------------------------------

This code does have a very high WTF factor. I hope a new, sane VCard implementation will be in the works related to ensemble. :-/

This code is also wrong, but that's not your fault (it assumes sizeof(size_t) == sizeof(long) elsewhere).

        Attachment #725871 -
        Flags: review?(Pidgeot18) → review+

    
    

    
  
Thanks.
Keywords: checkin-needed

    
    

    
  
https://hg.mozilla.org/comm-central/rev/2b7333a4cb28
Status: ASSIGNED → RESOLVED
Closed: 11 years ago11 years ago
Keywords: checkin-needed
Resolution: --- → FIXED
Target Milestone: --- → Thunderbird 22.0

          You need to log in
          before you can comment on or make changes to this bug.
        






  

    
  







  

    

      
Attachment

      

      
      
      
      
    

    

      

        

          

            
General

            

              Creator: 



            

            
Created: 

            
Updated: 

            
Size: