On Mon, 2013-12-09 at 15:59 -0700, Rich Megginson wrote:
> On 12/09/2013 03:33 PM, Przemek Klosowski wrote:
>
> > On 12/06/2013 09:21 AM, Ralf Corsepius wrote:
> >
> > >
> > > printf(string) is legitimate C, forcing "printf("%s", string) is
> > > just silly.
> > >
> > My apologies for being repetitive, but the original point is that
> > printf(string) is insecure unless you can guarantee that you control
> > 'string' now and forever. Also, %s is the format for printing
> > strings, so I just can't agree that coding printf("%s", string) is
> > silly.
>
> Silly is not the right word. printf("%s", string) is inefficient. In
> this case, it would be better to use puts/fputs.
>
unless something has changed recently fputs and puts just like gets and
fgets have been deprecated and are discouraged due to potential security
issues.
> >
> >
>
--
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
