[Date Prev][Date Next][Thread Prev][Thread Next]
[Date Index]
[Thread Index]
- Subject: lua_error/luaL_verror
- From: Reuben Thomas <rrt1001@...>
- Date: Sat, 18 Nov 2000 00:43:45 +0000 (GMT)
In my view, the first function is mis-specified (is there a good reason why
it's not
void lua_error(lua_State *, char *fmt, ...)
? and the second function is misnamed ("v" versions of functions should take
a va_list) and misimplemented (it uses a fixed-size buffer, and fills it
with the insecure function vsprintf, which could overflow).
Why not just change lua_error to do the right thing? This will at a single
stroke
a) Improve an inadequate function
b) Plug a security hole
c) Remove a source of confusion (the two names, one of them a bad choice)
Or am I missing something? If so, I grovel humbly!
--
http://sc3d.org/rrt/ | maxim, n. wisdom for fools
