<html>
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">On 11/20/2013 11:13 AM, Jerry James
wrote:<br>
</div>
<blockquote
cite="mid:CAHCOHQkZYM11OExUGnkat+OyTjZR_sY+gZbw2kWFb3T4zUXEOQ@mail.gmail.com"
type="cite">
path_sprintf(), which is static in Game.c. All callers of that
function are visible in the same file, and all pass constant
strings
into the function, which passes those constant strings to
sprintf().
The function's purpose is to produce a pathname for a file of
interest
to the caller in the game's installed location. It's too bad that
gcc's analysis cannot span function calls inside a compilation
unit.
There really is nothing wrong with this code.
</blockquote>
Well, the code is inelegant: <br>
<pre>    sprintf(path + len, formatted_name);</pre>
looks better and avoids the warning if you write it as<br>
<pre>    sprintf(&(path[len]), "%s", formatted_name);</pre>
which should lead the reader to reflect on whether it makes sense to prevent buffer overflow by
using %NNs to limit the size of the appended name so that it fits within the limits of the path buffer.
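The bounded append raised in the reply above, written out as an added example; it is not code from this thread or from Game.c. The helper names append_name and append_truncated, the buffer size and the install path are hypothetical, chosen so that truncation is easy to see.

```c
#include <stdio.h>
#include <string.h>

#define PATH_BUF 32   /* constructed size, small enough to show truncation */

/* Hypothetical helper: append name at path[len] using "%s" as the format, so
 * a '%' in name is copied as data, and cap the write to the space that is
 * left. Returns 0 on success, -1 if name does not fit (path is restored). */
int append_name(char *path, size_t size, size_t len, const char *name)
{
    if (len >= size)
        return -1;
    size_t room = size - len;              /* bytes left, including the NUL */
    int n = snprintf(path + len, room, "%s", name);
    if (n < 0 || (size_t)n >= room) {
        path[len] = '\0';                  /* undo the partial append */
        return -1;
    }
    return 0;
}

/* Variant that truncates instead of failing. The precision in "%.*s" is the
 * maximum number of bytes copied; a plain field width only pads. */
size_t append_truncated(char *path, size_t size, size_t len, const char *name)
{
    if (len >= size)
        return len;
    int max = (int)(size - len - 1);       /* leave room for the NUL */
    sprintf(path + len, "%.*s", max, name);
    return strlen(path);                   /* new length of the path */
}

int main(void)
{
    char path[PATH_BUF] = "/usr/share/game/";   /* constructed install path */
    size_t len = strlen(path);
    int rc = append_name(path, sizeof path, len, "lev%d.dat");
    printf("%d %s\n", rc, path);
    path[len] = '\0';
    rc = append_name(path, sizeof path, len, "a_very_long_level_name.dat");
    printf("%d %s\n", rc, path);
    append_truncated(path, sizeof path, len, "a_very_long_level_name.dat");
    printf("%s\n", path);
    return 0;
}
```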
</body>
</html>