NetBSD-Bugs archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: bin/45660: Overlapping buffer in catman.c.

The following reply was made to PR bin/45660; it has been noted by GNATS.

From: Alan Barrett <>
Subject: Re: bin/45660: Overlapping buffer in catman.c.
Date: Tue, 27 Dec 2011 14:46:13 +0200

 On Sun, 27 Nov 2011, Christian Biere wrote:
 > I assume the missing constant format string argument at the first
 > snprintf() in makecat() is actually a bug. I'm sure the compiler
 > is warning about this.
 The buildcmd argument to the makecat() function in catman.c is 
 taken from a "_build" line in man.conf, in which "%s" stands for 
 the name of the file to be formatted.  Using this string as a 
 format argument to sprintf is unsafe (there may be escapes other 
 than %s, or more than one %s), but it's less wrong than treating 
 it as a constant string and not expanding any %s at all.
 --apb (Alan Barrett)

Home | Main Index | Thread Index | Old Index