mirror of
https://github.com/Pithikos/C-Thread-Pool
synced 2024-11-21 21:21:23 +03:00
Use safe snprintf() instead of sprintf()
The use of sprintf is considered unsafe. And besides being in this case not vulnerable, CI services such as deepcode.ai will send an annoying alert for projects using thpool, as in this example: 47376326b7/_/%2Fsrc%2Fthpool.c/cpp%2Fdc%2FBufferOverflowUnsafeFunction/321/code
The buffer is also bigger than needed: even if `thread_p->id` were to be a uint64_max, the generated string would still fit in 31 bytes (`thread-pool-9223372036854775807`); so the buffer was set to 32 bytes instead of 128.
parent
25fa679eca
commit
5fbe481965
4
thpool.c
@ -317,8 +317,8 @@ static void thread_hold(int sig_id) {
|
||||
static void* thread_do(struct thread* thread_p){
|
||||
|
||||
/* Set thread name for profiling and debuging */
|
||||
char thread_name[128] = {0};
|
||||
sprintf(thread_name, "thread-pool-%d", thread_p->id);
|
||||
char thread_name[32] = {0};
|
||||
snprintf(thread_name, 32, "thread-pool-%d", thread_p->id);
|
||||
|
||||
#if defined(__linux__)
|
||||
/* Use prctl instead to prevent using _GNU_SOURCE flag and implicit declaration */
|
||||
|
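Review bot: in the `snprintf(thread_name, 32, ...)` call the bound is a second copy of the literal from `char thread_name[32]`, so a later change to the array size can silently leave the bound wrong; pass `sizeof(thread_name)` instead. The format is still `%d`, so the id is formatted as an `int` and the longest possible output is well under 32 bytes. The return value of `snprintf` is not checked, which is acceptable here only because of that bound; a short comment next to the declaration stating the worst-case length would make the reasoning visible to the next reader.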