[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: mass bug filing for undefined sn?printf use

On Sun, Dec 28, 2008 at 01:51:45PM -0600, Steve Langasek wrote:
> On Sun, Dec 28, 2008 at 12:42:46AM -0800, Kees Cook wrote:
> > samba
> Another false positive, AFAICS:
> $   pcregrep -rM 'sprintf\s*\(\s*([^,]*)\s*,\s*"%s[^"]*"\s*,\s*\1\s*,' source
> source/libads/kerberos.c:	fname = talloc_asprintf(dname, "%s/krb5.conf.%s", dname, domain);

Thanks, I've marked samba and wmi as false alarms.

> Perhaps adding a \b to the front of the regexp would be appropriate?

I didn't include a word-break intentionally; I think the benefits are
greater, since it catches luckily-named variations like g_sprintf (which
I knew of ahead of time) and ircsprintf (found during search).


Kees Cook                                            @debian.org

Reply to: