Dasn wrote:
> Hi guys,
> When compiling Vim on obsd, the linker always complains:
>> objects/netbeans.o(.text+0x3f00): In function `coloncmd':
>> /home/dasn/pool/src/vim7/src/netbeans.c:2588: warning: vsprintf() is often
>> misused, please use vsnprintf()
2585 char buf[1024];
2586 va_list ap;
2587
2588 va_start(ap, cmd);
2589 vsprintf(buf, cmd, ap);
We can write it as:
vim_vsnprintf(buf, sizeof(buf), cmd, ap, NULL);
There is only 1 other use of vsprintf() left in os_mswin.c
so it's worth changing both of them.
>> /usr/local/lib/libpython2.6.so.1.0: warning: tmpnam() possibly used
>> unsafely; consider using mkstemp()
>> /usr/local/lib/libpython2.6.so.1.0: warning: tempnam() possibly used
>> unsafely; consider using mkstemp()
These are not in Vim's code but in libpython.
>> objects/buffer.o(.text+0xef5): In function `do_bufdel':
>> /home/dasn/pool/src/vim7/src/buffer.c:879: warning: strcpy() is almost
>> always misused, please use strlcpy()
879 STRCPY(IObuff, _("E515: No buffers were unloaded"));
Translations of message do not exceed IOSIZE characters so in practice
there is no risk.
We could use...
vim_strncpy(IObuff, _("E515: No buffers were unloaded"), IOSIZE - 1);
... but there are many other use of STRCPY(...) elswhere anyway, and
most (if not all) of them are safe.
>> objects/buffer.o(.text+0x4393): In function `maketitle':
>> /home/dasn/pool/src/vim7/src/buffer.c:3172: warning: strcat() is almost
>> always misused, please use strlcat()
3107 char_u buf[IOSIZE];
...
3172 case 1: STRCAT(buf, " +"); break;
There can't be an overflow here I think. But if we want to get rid of
the warning, it can be replaced with:
case 1: STRNCAT(buf, " +", sizeof(buf)); break;
Again, there are many other use of STRCAT(...) anyway.
>> objects/eval.o(.text+0x18f8): In function `list_buf_vars':
>> /home/dasn/pool/src/vim7/src/eval.c:2063: warning: sprintf() is often
>> misused, please use snprintf()
2058 char_u numbuf[NUMBUFLEN];
2059
2060 list_hashtable_vars(&curbuf->b_vars.dv_hashtab, (char_u *)"b:",
2061
TRUE, first);
2062
2063 sprintf((char *)numbuf, "%ld", (long)curbuf->b_changedtick);
Line 2063 can be replaced with:
vim_snprintf((char *)numbuf, NUMBUFLEN, "%ld", (long)curbuf->b_changedtick);
There are many other use of sprintf(...).
>> link.sh: Linked fine with a few libraries removed
>> cd xxd; CC="gcc" CFLAGS="-I/usr/local/include -Wall -pipe -g" make -f
>> Makefile
>> gcc -Wall -pipe -DUNIX -o xxd xxd.c
>> /tmp//ccvImOKT.o(.text+0x4cd): In function `xxdline':
>> : warning: strcpy() is almost always misused, please use strlcpy()
Again, there are many other places which call strcpy(...).
>> /tmp//ccvImOKT.o(.text+0x16c4): In function `main':
>> : warning: sprintf() is often misused, please use snprintf()
>
> I know those are very common warnings when making applications (I mean
> ports) on obsd. But, since I think Bram considers warnings seriously, I
> decide to report it. Any comments? :)
Since there are many places that would need to be changed
to get rid of these warnings, I suspect that the risk of introducing
a new bug exceeds the risk of getting rid of a real bug. But let's
see what Bram thinks.
-- Dominique
--~--~---------~--~----~------------~-------~--~----~
You received this message from the "vim_dev" maillist.
For more information, visit http://www.vim.org/maillist.php
-~----------~----~----~----~------~----~------~--~---
