Ubuntu
barnowl package

  1. Bug #310800
  2. Activity log

Activity log for bug #310800

Date Who What changed Old value New value Message
2008-12-23 06:07:17 Anders Kaseorg bug added bug
2008-12-23 06:07:34 Anders Kaseorg barnowl: status New Confirmed
2008-12-23 06:07:34 Anders Kaseorg barnowl: statusexplanation
2008-12-23 06:19:36 Anders Kaseorg description Binary package hint: barnowl We have automatically detected that the barnowl source package contains an invalid use of the sprintf() or snprintf() functions with overlapping input and output, by matching the unpacked source against one of the following two regexps: . pcregrep -M 'sprintf\s*\(\s*([^,]*)\s*,\s*"%s[^"]*"\s*,\s*\1\s*,' pcregrep -M 'snprintf\s*\(\s*([^,]*)\s*,[^,]*,\s*"%s[^"]*"\s*,\s*\1\s*,' . An example of this kind of invalid sprintf() use is sprintf(buf, "%s plus %d", buf, k); which is likely intended to append formatted text to a buffer; however, it is invalid according to C99. When compiled with Intrepid gcc-4.3 or newer, it will silently produce unexpected results at runtime. . This example sprintf() call could be fixed as follows: -sprintf(buf, "%s plus %d", buf, k); +sprintf(buf + strlen(buf), " plus %d", k); Similarly, an invalid snprintf() call could be fixed as follows: -snprintf(buf, buflen, "%s plus %d", buf, k); +snprintf(buf + strlen(buf), buflen - strlen(buf), " plus %d", k); . Please forward this report upstream as appropriate. For more information, see https://launchpad.net/bugs/254468 http://sourceware.org/bugzilla/show_bug.cgi?id=7075 Binary package hint: barnowl We have automatically detected that the barnowl source package contains an invalid use of the sprintf() or snprintf() functions with overlapping input and output, by matching the unpacked source against one of the following two regexps: . pcregrep -M 'sprintf\s*\(\s*([^,]*)\s*,\s*"%s[^"]*"\s*,\s*\1\s*,' pcregrep -M 'snprintf\s*\(\s*([^,]*)\s*,[^,]*,\s*"%s[^"]*"\s*,\s*\1\s*,' . An example of this kind of invalid sprintf() use is sprintf(buf, "%s plus %d", buf, k); which is likely intended to append formatted text to a buffer; however, it is invalid according to C99. When compiled with Intrepid gcc-4.3 or newer, it will silently produce unexpected results at runtime. . This example sprintf() call could be fixed as follows: -sprintf(buf, "%s plus %d", buf, k); +sprintf(buf + strlen(buf), " plus %d", k); Similarly, an invalid snprintf() call could be fixed as follows: -snprintf(buf, buflen, "%s plus %d", buf, k); +snprintf(buf + strlen(buf), buflen - strlen(buf), " plus %d", k); . Please forward this report upstream as appropriate. For more information, see https://launchpad.net/bugs/305901 http://sourceware.org/bugzilla/show_bug.cgi?id=7075
2009-02-23 17:55:42 Anders Kaseorg barnowl: status Confirmed Fix Released
2009-02-23 17:55:42 Anders Kaseorg barnowl: statusexplanation Fixed in BarnOwl 1.0.4, and 1.0.5 is in Jaunty now.