Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update stb_include.h #1750

Open
junghans opened this issue Feb 23, 2025 · 1 comment
Open

Update stb_include.h #1750

junghans opened this issue Feb 23, 2025 · 1 comment
Labels
4 enhancement

Comments

@junghans
Copy link

Fedora is not packaging stb_include.h anymore, due to:

# We choose not to package the “stb_include” library (stb_include.h) because,
# during the package review, it was observed that it follows coding practices
# that make it dangerous to use on untrusted inputs, including but not limited
# to:
#
# - It uses of strcat/strcpy into a fixed-length buffer that is assumed (but
#   not proven) to be large enough for all possible uses
# - It ignores I/O errors (possibly leading to undefined behavior from reading
#   uninitialized memory), and so on.
#
# A substantial rewrite would be required to mitigate these concerns. If a
# request for this library arises, this decision may be revisited, or the
# necessary rewrite may be done and offered upstream. For now, we omit the
# library and expect it will not be missed.

(from https://src.fedoraproject.org/rpms/stb/blob/rawhide/f/stb.spec#_4).

Could that be fixed?
@RobLoach
Copy link
Contributor

Copy and paste the file into your own project, and use the local one.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
4 enhancement
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@RobLoach @junghans