On Thu, Nov 21, 2013 at 2:04 AM, Florian Weimer <fweimer@xxxxxxxxxx> wrote:
> On 11/20/2013 06:45 PM, Przemek Klosowski wrote:
>> Well, the code is inelegant:
>>
>> sprintf(path + len, formatted_name);
>>
>> looks better and avoids the warning if you write it as
>>
>> sprintf(&(path[len]), "%s", formatted_name);
>>
>> which should lead the reader to reflect on whether it makes sense to
>> prevent buffer overflow by
>> using %NNs to limit the size of appended name so that it fits within the
>> limits of the path buffer.
>
>
> You should be using snprintf anyway. And neither sprintf nor snprintf are
> really suitable for building strings piece-by-piece, unfortunately.
>
> Anyway, adding the "%s" trades a bit of text segment size increase for a
> likely decrease in execution time because the non-format-string argument
> does not have to be parsed for format strings.

Thanks for the suggestions, everyone. I have added a patch to fix this for abe. I also pulled a patch for apron from upstream, which had already fixed their code, and made a patch for cmusphinx which I also submitted upstream. So there's 3 packages you can cross off the list.

Regards,
--
Jerry James
http://www.jamezone.org/
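The points raised in the thread (pass the name as data through "%s", bound the write, and track the offset when appending in pieces), as an added example that is not taken from the thread or from abe, apron or cmusphinx. The helper names `path_appendf` and `build_path` and the sample inputs are hypothetical.

```c
#include <stdarg.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: append formatted text at offset *len of buf (capacity cap).
 * Returns 0 on success, -1 if the text did not fit or formatting failed;
 * on failure the buffer is restored to what it held before the call. */
static int path_appendf(char *buf, size_t cap, size_t *len, const char *fmt, ...)
{
    if (*len >= cap)
        return -1;
    va_list ap;
    va_start(ap, fmt);
    /* vsnprintf never writes more than cap - *len bytes, terminator included */
    int n = vsnprintf(buf + *len, cap - *len, fmt, ap);
    va_end(ap);
    if (n < 0 || (size_t)n >= cap - *len) {
        buf[*len] = '\0';           /* discard the truncated piece */
        return -1;
    }
    *len += (size_t)n;
    return 0;
}

/* Builds "<dir>/<name>" in out. name is only ever an argument to "%s",
 * so conversion specifiers inside it are copied, not interpreted. */
int build_path(char *out, size_t cap, const char *dir, const char *name)
{
    size_t len = 0;
    if (cap == 0)
        return -1;
    out[0] = '\0';
    if (path_appendf(out, cap, &len, "%s/", dir) != 0)
        return -1;
    return path_appendf(out, cap, &len, "%s", name);
}

int main(void)
{
    char path[32];
    /* Constructed inputs: a name containing specifiers, then one that is too long */
    int rc = build_path(path, sizeof path, "/tmp", "report-%n%s.txt");
    printf("%d %s\n", rc, path);
    rc = build_path(path, sizeof path, "/tmp", "a-name-that-is-far-too-long-for-the-buffer");
    printf("%d %s\n", rc, path);
    return 0;
}
```
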