Re: bin/45660: Overlapping buffer in catman.c.
The following reply was made to PR bin/45660; it has been noted by GNATS.
From: Alan Barrett <apb%cequrux.com@localhost>
Subject: Re: bin/45660: Overlapping buffer in catman.c.
Date: Tue, 27 Dec 2011 14:46:13 +0200
On Sun, 27 Nov 2011, Christian Biere wrote:
> I assume the missing constant format string argument at the first
> snprintf() in makecat() is actually a bug. I'm sure the compiler
> is warning about this.
The buildcmd argument to the makecat() function in catman.c is
taken from a "_build" line in man.conf, in which "%s" stands for
the name of the file to be formatted. Using this string as a
format argument to sprintf is unsafe (there may be escapes other
than %s, or more than one %s), but it's less wrong than treating
it as a constant string and not expanding any %s at all.
--apb (Alan Barrett)
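
The "%s" expansion discussed in this message can be done without handing the man.conf string to a printf-family function at all. The following is an added example, not part of the original mail and not code from catman.c. The function name expand_buildcmd, the policy of rejecting every escape other than "%s", and the sample template are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/*
 * Expand every "%s" in tmpl with file and write a NUL-terminated result
 * into dst. Returns the length written, or -1 if tmpl contains any other
 * '%' sequence or the result does not fit. tmpl is only ever read as
 * data, so stray conversions in it cannot reach the varargs machinery.
 */
static int
expand_buildcmd(char *dst, size_t dstlen, const char *tmpl, const char *file)
{
	size_t flen = strlen(file), n = 0;

	if (dstlen == 0)
		return -1;
	for (const char *p = tmpl; *p != '\0'; p++) {
		if (*p != '%') {
			if (n + 1 >= dstlen)	/* keep room for the NUL */
				return -1;
			dst[n++] = *p;
			continue;
		}
		if (p[1] != 's')	/* %d, %n, %%, trailing '%': reject */
			return -1;
		if (flen >= dstlen - n)	/* need flen bytes plus the NUL */
			return -1;
		memcpy(dst + n, file, flen);	/* file is copied, never parsed */
		n += flen;
		p++;			/* skip the 's' */
	}
	dst[n] = '\0';
	return (int)n;
}

int
main(void)
{
	char cmd[64];

	/* Constructed template standing in for a "_build" command. */
	if (expand_buildcmd(cmd, sizeof(cmd), "nroff -man %s", "ls.1") >= 0)
		puts(cmd);
	if (expand_buildcmd(cmd, sizeof(cmd), "nroff %d %s", "ls.1") < 0)
		puts("rejected: escape other than %s");
	return 0;
}
```

More than one "%s" is handled by substituting the file name at each occurrence, which is safe here because no argument list is being consumed.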