Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix MD5 digest #3136

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Fix MD5 digest #3136

wants to merge 1 commit into from

Conversation

Semphriss
Copy link
Member

Commit c04b46a mistakenly used snprintf(str, sizeof(str), ...) with sizeof instead of strlen.

Since using strlen would add a header, and since we know both the buffer length and the length of the printed string, the size can simply be hardcoded (2 characters + 1 terminating NULL character, which will be overwritten for each printf except the last).

I've also removed the now-unneeded manual terminating null byte.

Fix MD5 digest
190c94e 
Commit c04b46a mistakenly used 'snprintf(str, sizeof(str), ...)' with
'sizeof' instead of 'strlen'. Since using strlen would add a header, and since
we know both the buffer length and the length of the printed string, the size
can simply be hardcoded (2 characters + 1 terminating NULL character, which
will be overwritten for each printf except the last).
@swagtoy
Copy link
Contributor

swagtoy commented Dec 9, 2024
edited
Loading

First off, this is the wrong commit, Tobbi simply fixed linting in this one.

Second of all, If you're going to out of your way to refactor some weird logic in this library, you might as well just use std::stringstream for this instead of snprintf. Or hell, even just std::fmt might be the preferred solution, but alas:

std::stringstream res;
res << std::hex;
for ... {
    res << digest[i];
}

It is slightly slower due to no preallocation but more c++'y and less prone to any issues (i mean... we're already casting it to a string at the end anyway!!!). No need to use these C functions...

And in all honesty we..... shouldn't be relying on a hex digest to begin with :-) We should just rely on the raw md5sum data through the rest of the code. In the usage at Addon::get_md5(), it would be preferred if get_md5() returned the array of each byte, then we either used std::equal or just some std::array comparison to do this. We shall never need to rely directly on the stringified checksum data. It is designed for reading and simpler string comparisons, not for actual code comparisons.

Third of all, you can move so to the line itself now.

I personally believe we should just use string stream since we are already doing a std::string comparison at the end anyway. There is no need to call snprintf by hand like this for us. I very personally we shouldn't even use this function at all...

@tulpenkiste
Copy link
Contributor

tulpenkiste commented Dec 14, 2024
edited
Loading

Second of all, If you're going to out of your way to refactor some weird logic in this library, you might as well just use std::stringstream for this instead of snprintf. Or hell, even just std::fmt might be the preferred solution, but alas

As far as I'm aware, std::fmt is not a viable solution for SuperTux due to needing to support older Ubuntu versions which don't have C++20

@swagtoy
Copy link
Contributor

swagtoy commented Dec 14, 2024 via email

@MatusGuy MatusGuy mentioned this pull request Jan 30, 2025
Open
@tobbi
Copy link
Member

tobbi commented Jan 30, 2025

I still don't understand if I fucked up or not.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@Semphriss @swagtoy @tulpenkiste @tobbi