On Thu, Apr 11, 2024 at 03:10:57PM -0700, Justin Stitt wrote:
> On Thu, Apr 11, 2024 at 1:56 PM Joe Perches <j...@perches.com> wrote:
> > It could.
> >
> > # {v}snprintf uses that should likely be {v}scnprintf
> > if ($line =~ /\b((v?)snprintf)\s*\(/) {
> > WARN("SNPRINTF",
> > "Prefer ${2}scnprintf over $1 - see:
> > https://github.com/KSPP/linux/issues/105\n"; . $herecurr);
> > }
> >
> >
> >
> > Though I also think it's better to use lore rather than github
>
> I am fine with making the UX change in v5 regarding using ${2} and $1
> but I wish someone could have said something about the Github links
> earlier, we already have a pattern going with these string api
> changes:
>
> "Prefer strscpy over strcpy - see:
> https://github.com/KSPP/linux/issues/88\n"; . $herecurr);
> }
KSPP isn't going anywhere -- we've used these links before and we can
use them here too. I don't see any good reason to duplicate stuff into
lore, etc.
--
Kees Cook
