[Python-Dev] Re: mysnprintf broken
Martin v. Loewis
martin@v.loewis.de
Mon, 26 Nov 2001 00:20:09 +0100
> Is there some reason why we can't incorporate a free snprintf
> implementation? There is a list available at
> http://www.ijs.si/software/snprintf/.
Looks like the time machine is at work again: the version we use *is*
a free snprintf implementation.
If you want to replace it with a different one, you should indicate
specifically which one you'd like to use instead. I think Mark
Martinec's implementation (the top one on the URL you give) is
unacceptable, because the license is too restrictive: we must
incoporate the package in its entirety, i.e. redistribution of
portions seems not to be licensed by the Frontier Artistic License.
I don't have the time to review 10 other implementations for their
suitability both in terms of licensing and correctness.
Instead, I'd rather review the three occurrences of PyOS_snprintf, to
determine quickly that you will have a hard time to overflow that
buffer; *it is not at all easy*. Even if it does overflow, you will
get a fatal error, rather than silent memory corruption. That is good
enough for me.
Regards,
Martin