|
On 11/20/2013 11:13 AM, Jerry James
wrote:
path_sprintf(), which is static in Game.c. All callers of that function are visible in the same file, and all pass constant strings into the function, which passes those constant strings to sprintf(). The function's purpose is to produce a pathname for a file of interest to the caller in the game's installed location. It's too bad that gcc's analysis cannot span function calls inside a compilation unit. There really is nothing wrong with this code.Well, the code is inelegant: sprintf(path + len, formatted_name); looks better and avoids the warning if you write it as sprintf(&(path[len]), "%s", formatted_name); which should lead the reader to reflect on whether it makes sense to prevent buffer overflow by using %NNs to limit the size of appended name so that it fits within the limits of the path buffer. |
-- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
