Date: Mon, 30 May 2011 19:16:00 -0000
From: Mark Kettenis
To: jan.kratochvil@redhat.com
CC: gdbadmin@sourceware.org, gdb-patches@sourceware.org
Subject: Re: New ARI warning Sat May 28 01:53:47 UTC 2011
Message-Id: <201105301916.p4UJG4N2001438@glazunov.sibelius.xs4all.nl>
In-reply-to: <20110530183455.GA26393@host1.jankratochvil.net> (message from Jan Kratochvil on Mon, 30 May 2011 20:34:55 +0200)

> Date: Mon, 30 May 2011 20:34:55 +0200
> From: Jan Kratochvil
>
> On Sat, 28 May 2011 03:53:47 +0200, GDB Administrator wrote:
> > 439a440
> > > gdb/linux-nat.c:2368: code: sprintf: Do not use sprintf, instead use xstrprintf
> > gdb/linux-nat.c:2368: sprintf (buffer, ', lwp);
>
> This is by me:
>   char buffer[MAXPATHLEN];
>   sprintf (buffer, "/proc/%ld/status", lwp);
>
> I find the code perfectly correct, as I was told the ARI checks are only
> differential I hope it can be kept as is.

Sorry, no. Please replace this with a call to xsnprintf. While this particular call may be safe, people will have to check again and again that it is whenever they audit the code in the future. Replacing it with xsnprintf prevents that.
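
The replacement requested above, as an added example that is not part of the original message and is not GDB's own source. `example_xsnprintf` is a hypothetical stand-in that assumes xsnprintf behaves as a size-checked snprintf which treats truncation as an internal error; `format_status_path` and the 64-byte buffer are constructed for illustration.

```c
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for xsnprintf (assumption, not GDB's code):
   format into a buffer of known size and treat truncation as an
   internal error instead of writing past the end.  */
static int
example_xsnprintf (char *str, size_t size, const char *format, ...)
{
  va_list args;
  int ret;

  va_start (args, format);
  ret = vsnprintf (str, size, format, args);
  va_end (args);

  /* vsnprintf returns the length it wanted to write; anything >= size
     means the output was cut short.  */
  if (ret < 0 || (size_t) ret >= size)
    {
      fprintf (stderr, "example_xsnprintf: output does not fit in %zu bytes\n",
               size);
      abort ();
    }
  return ret;
}

/* The call from the message, with the destination size stated at the
   call site, so an auditor does not have to re-derive the worst-case
   length of "/proc/%ld/status".  Returns the formatted length.  */
static int
format_status_path (char *buffer, size_t size, long lwp)
{
  return example_xsnprintf (buffer, size, "/proc/%ld/status", lwp);
}

int
main (void)
{
  char buffer[64];  /* constructed size; the quoted code uses MAXPATHLEN */

  format_status_path (buffer, sizeof buffer, 12345L);
  puts (buffer);
  return 0;
}
```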