Re: mass bug filing for undefined sn?printf use

To: debian-devel@lists.debian.org
Subject: Re: mass bug filing for undefined sn?printf use
From: Kees Cook <kees@outflux.net>
Date: Mon, 29 Dec 2008 18:05:54 -0800
Message-id: <[🔎] 20081230020554.GC21527@outflux.net>
In-reply-to: <[🔎] 20081228195145.GB24765@dario.dodds.net>
References: <[🔎] 20081228084246.GE12532@outflux.net> <[🔎] 20081228195145.GB24765@dario.dodds.net>

On Sun, Dec 28, 2008 at 01:51:45PM -0600, Steve Langasek wrote:
> On Sun, Dec 28, 2008 at 12:42:46AM -0800, Kees Cook wrote:
> > samba
> 
> Another false positive, AFAICS:
> 
> $   pcregrep -rM 'sprintf\s*\(\s*([^,]*)\s*,\s*"%s[^"]*"\s*,\s*\1\s*,' source
> source/libads/kerberos.c:	fname = talloc_asprintf(dname, "%s/krb5.conf.%s", dname, domain);

Thanks, I've marked samba and wmi as false alarms.

> Perhaps adding a \b to the front of the regexp would be appropriate?

I didn't include a word-break intentionally; I think the benefits are
greater, since it catches luckily-named variations like g_sprintf (which
I knew of ahead of time) and ircsprintf (found during search).

-Kees

-- 
Kees Cook                                            @debian.org

Reply to:

References:
- mass bug filing for undefined sn?printf use
  - From: Kees Cook <kees@outflux.net>
- Re: mass bug filing for undefined sn?printf use
  - From: Steve Langasek <vorlon@debian.org>

Prev by Date: Re: Results for General Resolution: Lenny and resolving DFSG violations
Next by Date: Re: mass bug filing for undefined sn?printf use
Previous by thread: Re: mass bug filing for undefined sn?printf use
Next by thread: Bug#510005: ITP: touchfreeze -- a facility for disabling touchpad tap-to-click function
Index(es):
- Date
- Thread