Bug#182277: gcc-3.2: Should print a warning when using (v)sprintf.
Package: gcc-3.2
Version: 1:3.2.3-0pre1
Severity: normal
Tags: security
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
As noted in the corresponding man page, the 'sprintf' and 'vsprintf' functions are
insecure, and should not be used. I suggest that gcc print a warning when compiling
code in which they are used, as it already does with 'gets' (also insecure).
- -- System Information:
Debian Release: testing/unstable
Architecture: i386
Kernel: Linux cornerstone 2.4.19 #3 Sat Jan 25 06:26:18 PST 2003 i686
Locale: LANG=en_US, LC_CTYPE=en_US
Versions of packages gcc-3.2 depends on:
ii binutils 2.13.90.0.18-1 The GNU assembler, linker and bina
ii cpp-3.2 1:3.2.3-0pre1 The GNU C preprocessor
ii gcc-3.2-base 1:3.2.3-0pre1 The GNU Compiler Collection (base
ii libc6 2.3.1-11 GNU C Library: Shared libraries an
ii libgcc1 1:3.2.3-0pre1 GCC support library
- -- no debconf information
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
iD8DBQE+Wde8tHQW4HWNftkRApKUAJ48LxVMp39GRutrfgn7yH2nPUBcwACgg5wB
V7Qa4p7aznoNXvxf7zAWOo0=
=ByP2
-----END PGP SIGNATURE-----
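
Why the report calls these functions insecure, as an added example that is not part of the original bug report or of gcc: sprintf and vsprintf take no destination size, so the output length is decided entirely by the arguments. The sketch below shows bounded replacements built on the standard vsnprintf that detect truncation; the names format_checked and format_checked_v and the sample strings are hypothetical.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Bounded stand-in for vsprintf (hypothetical helper name).
 * Never writes more than dstsz bytes and always NUL-terminates.
 * Returns 0 if the whole result fit, -1 on truncation or error.
 * *needed (if non-NULL) receives the buffer size the full result requires. */
int format_checked_v(char *dst, size_t dstsz, size_t *needed,
                     const char *fmt, va_list ap)
{
    if (needed)
        *needed = 0;
    if (dst == NULL || dstsz == 0)
        return -1;
    int n = vsnprintf(dst, dstsz, fmt, ap);
    if (n < 0) {                 /* output or encoding error */
        dst[0] = '\0';
        return -1;
    }
    if (needed)
        *needed = (size_t)n + 1; /* characters plus terminating NUL */
    return ((size_t)n >= dstsz) ? -1 : 0;
}

/* Bounded stand-in for sprintf, built on the va_list version. */
int format_checked(char *dst, size_t dstsz, size_t *needed, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int rc = format_checked_v(dst, dstsz, needed, fmt, ap);
    va_end(ap);
    return rc;
}

int main(void)
{
    char buf[16];
    size_t needed;
    /* Constructed sample input, longer than buf. */
    const char *user = "a-constructed-name-longer-than-the-buffer";

    /* sprintf(buf, "user=%s", user) would write past the end of buf here. */
    if (format_checked(buf, sizeof buf, &needed, "user=%s", user) != 0)
        printf("rejected: need %zu bytes, have %zu; kept \"%s\"\n",
               needed, sizeof buf, buf);
    if (format_checked(buf, sizeof buf, &needed, "user=%s", "root") == 0)
        printf("ok: \"%s\"\n", buf);
    return 0;
}
```

Callers should treat the -1 return as a failure rather than use the truncated string, since a silently shortened path or command can be a bug in its own right.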