On 11/20/2013 06:45 PM, Przemek Klosowski wrote:
On 11/20/2013 11:13 AM, Jerry James wrote:
path_sprintf(), which is static in Game.c. All callers of that
function are visible in the same file, and all pass constant strings
into the function, which passes those constant strings to sprintf().
The function's purpose is to produce a pathname for a file of interest
to the caller in the game's installed location. It's too bad that
gcc's analysis cannot span function calls inside a compilation unit.
There really is nothing wrong with this code.
Well, the code is inelegant:
sprintf(path + len, formatted_name);
looks better and avoids the warning if you write it as
sprintf(&(path[len]), "%s", formatted_name);
which should lead the reader to reflect on whether it makes sense to prevent buffer overflow by
using %NNs to limit the size of appended name so that it fits within the limits of the path buffer.
You should be using snprintf anyway. And neither sprintf nor snprintf
are really suitable for build strings piece-by-piece, unfortunately.
Anyway, adding the "%s" trades a bit of text segment size increase for a
likely decrease in execution time because the non-format-string argument
does not have to be parsed for format strings.
--
Florian Weimer / Red Hat Product Security Team
--
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
