Re: Processed: glibc: Should print a warning when using (v)sprintf
At Mon, 14 Apr 2003 20:48:08 -0500,
Debian Bug Tracking System wrote:
> > reassign 182277 glibc
> Bug#182277: gcc-3.2: Should print a warning when using (v)sprintf.
> Bug reassigned from package `binutils' to `glibc'.
>
> > tags 182277 patch
> Bug#182277: gcc-3.2: Should print a warning when using (v)sprintf.
> There were no tags set.
> Tags added: patch
Julien, you have to answer Matt Zimmerman's question:
> gets() is _inherently_ insecure (there is no way to prevent it from writing
> beyond the end of the buffer), and so it should never be used. It is
> perfectly possible, however, to use sprintf and vsprintf securely, and
> sometimes good (portability) reasons to do so.
>
> So this kind of warning is not appropriate for sprintf nor vsprintf.
I agree with his opinion. Please tell me the reason.
If you don't have any strong reasons, then I will just close it.
Moreover, how many programs are affected by this warning?
Regards,
-- gotom
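
The point quoted above from Matt Zimmerman, that sprintf can be used securely while gets() cannot, shown as an added example (not part of the original message or of glibc). All function and macro names are hypothetical; it shows two common ways to make the output length provable before the call.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* All names here are hypothetical, chosen for this example. */
#define NAME_MAX_SHOWN 16                    /* cap on bytes taken from name */
#define UINT_DIGITS (3 * sizeof(unsigned))   /* 3 decimal digits per byte is always enough */
/* "user=" + name + " id=" + digits + NUL */
#define LABEL_SIZE (5 + NAME_MAX_SHOWN + 4 + UINT_DIGITS + 1)

/* Technique 1: bound every conversion so the worst-case length is a
 * compile-time constant, and size the buffer from that constant. */
int make_label(char out[LABEL_SIZE], const char *name, unsigned id)
{
    /* %.*s copies at most NAME_MAX_SHOWN bytes, whatever strlen(name) is. */
    return sprintf(out, "user=%.*s id=%u", NAME_MAX_SHOWN, name, id);
}

/* Technique 2: measure the inputs, allocate exactly that much, then format.
 * Returns a malloc'd string the caller frees, or NULL on failure. */
char *join_path(const char *dir, const char *file)
{
    size_t ld = strlen(dir), lf = strlen(file);
    /* ld + '/' + lf + NUL must not wrap around size_t. */
    if (lf > SIZE_MAX - 2 || ld > SIZE_MAX - 2 - lf)
        return NULL;
    char *p = malloc(ld + lf + 2);
    if (p != NULL)
        sprintf(p, "%s/%s", dir, file);
    return p;
}

int main(void)
{
    char label[LABEL_SIZE];
    /* Constructed input, deliberately longer than the buffer. */
    make_label(label, "a-very-long-user-name-that-exceeds-the-cap", 7);
    puts(label);
    char *p = join_path("/etc", "passwd");
    if (p != NULL) {
        puts(p);
        free(p);
    }
    return 0;
}
```

gets() has no equivalent of either technique: it takes no length and the input is not available to measure before the call.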