
Re: Processed: glibc: Should print a warning when using (v)sprintf



At Mon, 14 Apr 2003 20:48:08 -0500,
Debian Bug Tracking System wrote:
> > reassign 182277 glibc
> Bug#182277: gcc-3.2: Should print a warning when using (v)sprintf.
> Bug reassigned from package `binutils' to `glibc'.
> 
> > tags 182277  patch
> Bug#182277: gcc-3.2: Should print a warning when using (v)sprintf.
> There were no tags set.
> Tags added: patch

Julien, you have to answer Matt Zimmerman's question:

> gets() is _inherently_ insecure (there is no way to prevent it from writing
> beyond the end of the buffer), and so it should never be used.  It is
> perfectly possible, however, to use sprintf and vsprintf securely, and
> sometimes good (portability) reasons to do so.
> 
> So this kind of warning is not appropriate for sprintf nor vsprintf.

I agree with his opinion.  Please tell me the reason.
If you don't have any strong reasons, then I will just close it.

Moreover, how many programs are affected by this warning?

Regards,
-- gotom
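
The point quoted above, that sprintf can be used with a provable output bound while gets() cannot, shown as an added example that is not part of the original message. The names `format_record`, `LABEL_MAX`, `INT_DEC_MAX` and `RECORD_MAX` are hypothetical, and the input strings are constructed.

```c
#include <limits.h>
#include <stdio.h>
#include <string.h>

/* Worst-case characters %d can emit for an int: one sign plus the digits.
   Each byte adds fewer than 3 decimal digits (log10(256) is about 2.41). */
#define INT_DEC_MAX (1 + 3 * sizeof(int))

/* Hypothetical limit chosen for this example. */
#define LABEL_MAX 16

/* Format is "<label>=<value>\n": label, '=', number, '\n'. */
#define RECORD_MAX (LABEL_MAX + 1 + INT_DEC_MAX + 1)

/* Writes "label=value\n" into out, which must hold RECORD_MAX + 1 bytes.
   The precision in %.*s caps how many bytes of label are copied, and
   %d is covered by INT_DEC_MAX, so every conversion has a known maximum
   and the total can never exceed RECORD_MAX regardless of the input.
   gets() offers no equivalent: its length is set by whoever supplies
   the input line, not by the caller.
   Returns the number of characters written, excluding the NUL. */
int format_record(char out[RECORD_MAX + 1], const char *label, int value)
{
    return sprintf(out, "%.*s=%d\n", LABEL_MAX, label, value);
}

int main(void)
{
    char buf[RECORD_MAX + 1];
    /* Constructed input, deliberately longer than LABEL_MAX. */
    const char *long_label = "a-label-much-longer-than-sixteen-bytes";

    int n = format_record(buf, long_label, INT_MIN);
    printf("%d of at most %lu bytes: %s", n, (unsigned long)RECORD_MAX, buf);
    return 0;
}
```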


