
Bug#182277: gcc-3.2: Should print a warning when using (v)sprintf.



Package: gcc-3.2
Version: 1:3.2.3-0pre1
Severity: normal
Tags: security

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

As noted in the corresponding man page, the 'sprintf' and 'vsprintf' functions are
insecure, and should not be used. I suggest that gcc print a warning when compiling
code in which they are used, as it already does with 'gets' (also insecure).

- -- System Information:
Debian Release: testing/unstable
Architecture: i386
Kernel: Linux cornerstone 2.4.19 #3 Sat Jan 25 06:26:18 PST 2003 i686
Locale: LANG=en_US, LC_CTYPE=en_US

Versions of packages gcc-3.2 depends on:
ii  binutils                  2.13.90.0.18-1 The GNU assembler, linker and bina
ii  cpp-3.2                   1:3.2.3-0pre1  The GNU C preprocessor
ii  gcc-3.2-base              1:3.2.3-0pre1  The GNU Compiler Collection (base 
ii  libc6                     2.3.1-11       GNU C Library: Shared libraries an
ii  libgcc1                   1:3.2.3-0pre1  GCC support library

- -- no debconf information

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQE+Wde8tHQW4HWNftkRApKUAJ48LxVMp39GRutrfgn7yH2nPUBcwACgg5wB
V7Qa4p7aznoNXvxf7zAWOo0=
=ByP2
-----END PGP SIGNATURE-----
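
The bounded alternative to the `sprintf`/`vsprintf` calls the report asks gcc to warn about, shown as an added example that is not part of the original bug report. The helper names `checked_format` and `checked_vformat` and the sample strings are hypothetical and constructed for illustration.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not from the bug report): bounded stand-in for
 * vsprintf(). Returns 0 on success, -1 on truncation or format error.
 * dst is always NUL-terminated when size > 0. */
static int checked_vformat(char *dst, size_t size, const char *fmt, va_list ap)
{
    int n;

    if (dst == NULL || size == 0)
        return -1;
    n = vsnprintf(dst, size, fmt, ap);
    if (n < 0) {                /* output or encoding error */
        dst[0] = '\0';
        return -1;
    }
    if ((size_t)n >= size)      /* C99: n is the length that was needed */
        return -1;
    return 0;
}

#if defined(__GNUC__)
/* Lets gcc check the format string against the arguments at call sites. */
static int checked_format(char *dst, size_t size, const char *fmt, ...)
    __attribute__((format(printf, 3, 4)));
#endif

/* Bounded stand-in for sprintf(), built on the helper above. */
static int checked_format(char *dst, size_t size, const char *fmt, ...)
{
    va_list ap;
    int rc;

    va_start(ap, fmt);
    rc = checked_vformat(dst, size, fmt, ap);
    va_end(ap);
    return rc;
}

int main(void)
{
    char buf[16];
    const char *longname = "constructed-input-longer-than-buffer";

    /* sprintf(buf, "user=%s", longname) would write past the end of buf. */
    if (checked_format(buf, sizeof buf, "user=%s", longname) != 0)
        printf("rejected, kept %zu bytes: \"%s\"\n", strlen(buf), buf);
    if (checked_format(buf, sizeof buf, "user=%s", "alice") == 0)
        printf("ok: \"%s\"\n", buf);
    return 0;
}
```
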


