Re: mass bug filing for undefined sn?printf use

To: Nicholas Breen <nbreen@ofb.net>
Cc: debian-devel@lists.debian.org
Subject: Re: mass bug filing for undefined sn?printf use
From: Kees Cook <kees@outflux.net>
Date: Thu, 1 Jan 2009 10:50:49 -0800
Message-id: <[🔎] 20090101185049.GK21527@outflux.net>
In-reply-to: <[🔎] 20090101030144.GA23247@ofb.net>
References: <20081228084246.GE12532@outflux.net> <[🔎] 20090101030144.GA23247@ofb.net>

On Wed, Dec 31, 2008 at 07:01:44PM -0800, Nicholas Breen wrote:
> While fixing one of the affected packages, I discovered that it was
> using similarly problematic syntax to act as a strcat replacement of the
> form 'sprintf(buf, "%s\n", buf)', which that regexp didn't catch.  I
> can't imagine that's a common mistake, but it's easy enough to match on
> as well:
> 
>   pcregrep -M 'sprintf\s*\(\s*([^,]*)\s*,\s*"%s[^"]*"\s*,\s*\1\s*[,)]'

Oh!  Good catch, thank you.  I've started a re-run with the regex changed.
So far, it's already caught new stuff.  I'll post updated details once it
has finished.

-- 
Kees Cook                                            @debian.org

Reply to:

Follow-Ups:
- Re: mass bug filing for undefined sn?printf use
  - From: "Paul Wise" <pabs@debian.org>
- Re: (UPDATED) mass bug filing for undefined sn?printf use
  - From: Kees Cook <kees@debian.org>

References:
- Re: mass bug filing for undefined sn?printf use
  - From: nbreen@ofb.net (Nicholas Breen)

Prev by Date: Bug#510426: ITP: fookebox -- A jukebox-style web-frontend to mpd
Next by Date: Re: Bug#510408: ITP: biew -- console hex viewer/editor with disassembler
Previous by thread: Re: mass bug filing for undefined sn?printf use
Next by thread: Re: mass bug filing for undefined sn?printf use
Index(es):
- Date
- Thread