Open m13253 opened 9 years ago
Yes, I think it is necessary to take your suggestion.
Well, this is a problem which really needed to be solved. I didn't think a lot when I wrote it. This is my fault. BTW, I think it needs a great amount of work if we fix the problem. This is my fault, and I don't know whether it will cause the whole program a great reconstruct.
Anyway, thanks @m13253 @biergaizi a lot. We will try our best to fix it.
@lmy441900
Since our code aims to run on both Linux and Windows, I suggest you take a look at libWinTF8.
I have just updated libWinTF8 today to suite your needs (including access
function and 8.3 short filename generation).
I would like to cooperate with you to make the program more portable and safe.
Could you tell me from which the refactor should start first? I want to work with you.
@m13253 I have had a look at libWinTF8, and it is pretty good. As for the refactor, I have no idea about it. You can modify the code as you please.
Anyway, a great thanks to your participation.
@biergaizi and I have just read init.c@7a4639a and we have found:
system
to spawn child processesI suggest you use libWinTF8, which is written and fine-tuned by me, to satisfy the portability among Windows, OS X and Linux with Unicode support.
Consider these line in
init.c
:Constructing command line arguments without escaping is dangerous. And
system
may fail if the installation path is unable to be represented in local charset. Let's look at the comment/* WTF after 7-Zip failed it still returns 0! */
. That's true. According to MSDN,system
does not track the return value of child process unlike in POSIX systems. Further, the buffertmp
may not be large enough. Buffer overflow is dangerous.Luckily, libWinTF8 solves the above problems in these ways:
fopen
,remove
,getenv
supporting UTF-8 strings as filenamesspawnvp
, which constructs the command line for you from an array (using an internal portablevasprintf
implementation), according to the specification by Microsoft on escaping safelywaitpid
, which tracks child process and its return valueAlthough libWinTF8 is written in C++, it provides an identical C interface. libWinTF8 builds on GCC, Clang as well as MSVC 12 and by default generates a static library (
.a
).Take my suggestions into consideration and thank you.