Re: mass bug filing for undefined sn?printf use
On Tue, Dec 30, 2008 at 08:03:13PM +0100, Arthur de Jong wrote:
> I've just performed a test with the following code on my system (sid,
> hardening-wrapper not installed, compiled with gcc without any extra
> flags):
>
> char buf[20];
> strcpy(buf,"FOO");
> snprintf(buf,sizeof(buf),"%s%s",buf,"BAR");
> printf("%s\n",buf);
> strcpy(buf,"BAR");
> snprintf(buf,sizeof(buf),"%s%s","FOO",buf);
> printf("%s\n",buf);
>
> which returned
>
> BAR
> FOOFOO
Changing your code to "sprintf" (since snprintf unfortunately tends to be
in the minority still), the output for the first changes to "FOOBAR".
--
Kees Cook @debian.org
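
The calls quoted above pass `buf` as both the destination and a `%s` argument, which is the overlapping-copy case the mass bug filing is about. One well-defined way to get the append and prepend results, as an added example that is not code from this thread (the helper names `buf_append` and `buf_prepend` and the 64-byte scratch size are assumptions):

```c
#include <stdio.h>
#include <string.h>

/* Append src to the string in dst (capacity cap) by writing at the existing
 * terminator, so dst is never read as a source argument.
 * Returns 0 on success, -1 on truncation (dst is left unchanged). */
int buf_append(char *dst, size_t cap, const char *src)
{
    const char *end = memchr(dst, '\0', cap);
    if (end == NULL)
        return -1;                      /* dst is not terminated within cap */
    size_t len = (size_t)(end - dst);
    int n = snprintf(dst + len, cap - len, "%s", src);
    if (n < 0 || (size_t)n >= cap - len) {
        dst[len] = '\0';                /* undo the partial write */
        return -1;
    }
    return 0;
}

/* Prepend prefix to dst by formatting into a separate scratch buffer first,
 * so source and destination never overlap.
 * Returns 0 on success, -1 if the result does not fit (dst is unchanged). */
int buf_prepend(char *dst, size_t cap, const char *prefix)
{
    char tmp[64];                       /* assumed scratch size for this example */
    if (cap > sizeof tmp)
        return -1;
    int n = snprintf(tmp, cap, "%s%s", prefix, dst);
    if (n < 0 || (size_t)n >= cap)
        return -1;
    memcpy(dst, tmp, (size_t)n + 1);    /* include the terminator */
    return 0;
}

int main(void)
{
    char buf[20];
    strcpy(buf, "FOO");
    if (buf_append(buf, sizeof buf, "BAR") == 0)
        printf("%s\n", buf);
    strcpy(buf, "BAR");
    if (buf_prepend(buf, sizeof buf, "FOO") == 0)
        printf("%s\n", buf);
    return 0;
}
```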