Public bug reported:

Binary package hint: barnowl

We have automatically detected that the barnowl source package contains an invalid use of the sprintf() or snprintf() functions with overlapping input and output, by matching the unpacked source against one of the following two regexps:

  pcregrep -M 'sprintf\s*\(\s*([^,]*)\s*,\s*"%s[^"]*"\s*,\s*\1\s*,'
  pcregrep -M 'snprintf\s*\(\s*([^,]*)\s*,[^,]*,\s*"%s[^"]*"\s*,\s*\1\s*,'

An example of this kind of invalid sprintf() use is

  sprintf(buf, "%s plus %d", buf, k);

which is likely intended to append formatted text to a buffer; however, it is invalid according to C99. When compiled with Intrepid gcc-4.3 or newer, it will silently produce unexpected results at runtime.

This example sprintf() call could be fixed as follows:

-sprintf(buf, "%s plus %d", buf, k);
+sprintf(buf + strlen(buf), " plus %d", k);

Similarly, an invalid snprintf() call could be fixed as follows:

-snprintf(buf, buflen, "%s plus %d", buf, k);
+snprintf(buf + strlen(buf), buflen - strlen(buf), " plus %d", k);

Please forward this report upstream as appropriate. For more information, see
  https://launchpad.net/bugs/254468
  http://sourceware.org/bugzilla/show_bug.cgi?id=7075

** Affects: barnowl (Ubuntu)
     Importance: Undecided
         Status: Confirmed

** Changed in: barnowl (Ubuntu)
       Status: New => Confirmed

-- 
Invalid use of sprintf() in barnowl breaks with Intrepid gcc-4.3
https://bugs.launchpad.net/bugs/310800
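The append pattern from the report, written as a bounded helper that never passes the destination buffer as its own argument and reports truncation. This is an added example, not code from barnowl or from the report; the names buf_appendf and demo are hypothetical, and the sample string is constructed.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not from barnowl): append formatted text to the
 * NUL-terminated string in buf without using buf as a format argument.
 * Returns 0 on success, -1 if buf is not terminated within buflen, on a
 * formatting error, or if the appended text did not fit. */
static int buf_appendf(char *buf, size_t buflen, const char *fmt, ...)
{
    if (buf == NULL || buflen == 0)
        return -1;
    /* memchr instead of strlen: never reads past buflen. */
    const char *end = memchr(buf, '\0', buflen);
    if (end == NULL)
        return -1;
    size_t used = (size_t)(end - buf);
    size_t room = buflen - used;    /* >= 1, counts the terminator */

    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(buf + used, room, fmt, ap);
    va_end(ap);

    /* n >= room means the output was cut short (still NUL-terminated). */
    if (n < 0 || (size_t)n >= room)
        return -1;
    return 0;
}

/* Constructed sample input: the report's "%s plus %d" case. */
static const char *demo(char *out, size_t outlen, int k)
{
    snprintf(out, outlen, "%s", "total");
    /* Invalid (overlap): snprintf(out, outlen, "%s plus %d", out, k); */
    if (buf_appendf(out, outlen, " plus %d", k) != 0)
        return NULL;
    return out;
}

int main(void)
{
    char buf[32];
    const char *s = demo(buf, sizeof buf, 7);
    puts(s ? s : "(truncated)");
    return 0;
}
```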
