A resource scanner found that Redis uses some functions like memcpy/memset/memmove that can cause buffer overflows. Why not use memcpy_s/memset_s/memmove_s, those safer functions?
It also found that Redis uses rand and random; also, this is not safe enough.
In file server.c:

```c
d = (double)n/(1024*1024);
sprintf(s,"%.2fM",d);
```

Why use %.2f, a float, to print a double field?
Comment From: zuiderkwast
memcpy_s was added in C11. We use C99. I believe the way we use memcpy and the others are safe.
When printing a double with two digits after the point, does it matter if it is a float or a double? Maybe not.
Some things are not perfect, but if it is not a real issue, we normally don't want to change it. We want to avoid more commits, more git history and more review work. But if there is a real problem, we want to fix it.
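An added example, not code from Redis or from either participant, illustrating the two points made above: memcpy is safe when the caller checks the size first, so a C99 bounded-copy helper gives the memcpy_s guarantee without Annex K (which glibc does not ship even under C11), and a double is the right argument for "%.2f" because printf's %f conversion takes a double (a float argument is promoted to double in a variadic call anyway). The function names bounded_copy and format_megabytes, the buffer sizes and the sample byte count are all assumptions made for this example; the rand/random question is not covered here.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Bounded copy (hypothetical helper, C99): the caller's size check is what
 * makes memcpy safe. Returns 0 on success; returns -1 and leaves dst
 * untouched if n exceeds dst_cap or a pointer is NULL. */
int bounded_copy(void *dst, size_t dst_cap, const void *src, size_t n) {
    if (dst == NULL || src == NULL) return -1;
    if (n > dst_cap) return -1;      /* reject instead of overflowing dst */
    memcpy(dst, src, n);
    return 0;
}

/* Format a byte count as megabytes with two decimals, e.g. "2.50M", into a
 * fixed-size buffer (hypothetical helper). snprintf never writes past cap;
 * a return value >= cap means the output was truncated.
 * Returns 0 on success, -1 on truncation or bad arguments (out is then ""). */
int format_megabytes(char *out, size_t cap, long long n) {
    if (out == NULL || cap == 0) return -1;
    double d = (double)n / (1024 * 1024);
    /* "%.2f" consumes a double; a float passed here would be promoted to
     * double by default argument promotion, so the conversion fits both. */
    int written = snprintf(out, cap, "%.2fM", d);
    if (written < 0 || (size_t)written >= cap) {
        out[0] = '\0';
        return -1;
    }
    return 0;
}

int main(void) {
    /* Constructed sample data for the demonstration. */
    unsigned char small[4];
    const unsigned char src[8] = {1, 2, 3, 4, 5, 6, 7, 8};
    char buf[8];

    printf("copy 4 bytes into 4-byte buffer: %d\n", bounded_copy(small, sizeof small, src, 4));
    printf("copy 8 bytes into 4-byte buffer: %d\n", bounded_copy(small, sizeof small, src, 8));
    if (format_megabytes(buf, sizeof buf, 2621440LL) == 0) printf("2621440 bytes = %s\n", buf);
    printf("format into 4-byte buffer: %d\n", format_megabytes(buf, 4, 2621440LL));
    return 0;
}
```

The useful property in both helpers is that the failure path is explicit: an oversized copy or a truncated string is reported to the caller rather than silently writing past the buffer, which is the guarantee memcpy_s/snprintf_s would give, obtained with plain C99 calls.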
Comment From: LittleAaron
Got it, thank you very much.