On 07/28/11 07:44, Daniel Macks wrote:
> printf(foo);
>
> is considered a potential security risk if foo is a variable rather than a
> simple quoted string. The solution is to do:
>
> printf("%s", foo);

I'm afraid this bug report is rather vague; without knowing the details of which printf call we're talking about, there's not much we can do. Certainly there are some calls to printf-like functions where the above transformation would break things, as FOO is supposed to be a format.
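
The two cases raised in this exchange, as an added C example that is not part of the original messages or of the code the bug report refers to. The function names, the format table and the sample string are hypothetical and constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample: text that arrives from outside the program. */
static const char untrusted[] = "rate is 5%d per %s";

/* Hypothetical format table: the variable really is a format here,
   but every entry is a constant chosen by the programmer. */
static const char *const count_fmt[2] = { "%d file", "%d files" };

/* Case 1: foo is data. "%s" prints it byte for byte, so any '%' in it
   is never interpreted as a conversion. */
static int emit_text(char *out, size_t n, const char *text)
{
    return snprintf(out, n, "%s", text);
}

/* Case 2: foo is meant to be a format and is passed as one. */
static int describe_count(char *out, size_t n, int count)
{
    const char *fmt = count_fmt[count != 1];
    return snprintf(out, n, fmt, count);
}

/* Case 2 after the blanket printf("%s", foo) rewrite: the format is
   printed literally and the count is lost. */
static int describe_count_rewritten(char *out, size_t n, int count)
{
    const char *fmt = count_fmt[count != 1];
    (void)count;
    return snprintf(out, n, "%s", fmt);
}

int main(void)
{
    char buf[64];
    emit_text(buf, sizeof buf, untrusted);
    printf("data path:     %s\n", buf);
    describe_count(buf, sizeof buf, 3);
    printf("format path:   %s\n", buf);
    describe_count_rewritten(buf, sizeof buf, 3);
    printf("after rewrite: %s\n", buf);
    return 0;
}
```

Which case applies depends on where the variable's contents come from, so each call site has to be checked individually.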
