On Thu, Nov 21, 2013 at 2:04 AM, Florian Weimer <fweimer(a)redhat.com> wrote:
On 11/20/2013 06:45 PM, Przemek Klosowski wrote:
> Well, the code is inelegant:
>
> sprintf(path + len, formatted_name);
>
> looks better and avoids the warning if you write it as
>
> sprintf(&(path[len]), "%s", formatted_name);
>
> which should lead the reader to reflect on whether it makes sense to
> prevent buffer overflow by
> using %NNs to limit the size of appended name so that it fits within the
> limits of the path buffer.
You should be using snprintf anyway. And neither sprintf nor snprintf are
really suitable for build strings piece-by-piece, unfortunately.
Anyway, adding the "%s" trades a bit of text segment size increase for a
likely decrease in execution time because the non-format-string argument
does not have to be parsed for format strings.
Thanks for the suggestions, everyone. I have added a patch to fix
this for abe. I also pulled a patch for apron from upstream, which
had already fixed their code, and made a patch for cmusphinx which I
also submitted upstream. So there's 3 packages you can cross off the
list.
Regards,
--
Jerry James
http://www.jamezone.org/