Re: mass bug filing for undefined sn?printf use
On Sun, Dec 28, 2008 at 01:51:45PM -0600, Steve Langasek wrote:
> On Sun, Dec 28, 2008 at 12:42:46AM -0800, Kees Cook wrote:
> > samba
> Another false positive, AFAICS:
> $ pcregrep -rM 'sprintf\s*\(\s*([^,]*)\s*,\s*"%s[^"]*"\s*,\s*\1\s*,' source
> source/libads/kerberos.c: fname = talloc_asprintf(dname, "%s/krb5.conf.%s", dname, domain);
Thanks, I've marked samba and wmi as false alarms.
> Perhaps adding a \b to the front of the regexp would be appropriate?
I didn't include a word-break intentionally; I think the benefits are
greater, since it catches luckily-named variations like g_sprintf (which
I knew of ahead of time) and ircsprintf (found during search).
Kees Cook @debian.org