subject: Invalid use of sprintf() in $pack breaks with Intrepid gcc-4.3
assignee:
status: confirmed
subscribers:
tags: sprintf-append
buglist-url: http://bugs.launchpad.net/ubuntu/+bugs?field.tag=sprintf-append
text:
 We have automatically detected that the $pack source package contains
 an invalid use of the sprintf() or snprintf() functions with
 overlapping input and output, by matching the unpacked source against
 one of the following two regexps:
 .
   pcregrep -M 'sprintf\s*\(\s*([^,]*)\s*,\s*"%s[^"]*"\s*,\s*\1\s*,'
   pcregrep -M 'snprintf\s*\(\s*([^,]*)\s*,[^,]*,\s*"%s[^"]*"\s*,\s*\1\s*,'
 .
 An example of this kind of invalid sprintf() use is
   sprintf(buf, "%s plus %d", buf, k);
 which is likely intended to append formatted text to a buffer;
 however, it is invalid according to C99. When compiled with Intrepid
 gcc-4.3 or newer, it will silently produce unexpected results at
 runtime.
 .
 This example sprintf() call could be fixed as follows:
   -sprintf(buf, "%s plus %d", buf, k);
   +sprintf(buf + strlen(buf), " plus %d", k);
 Similarly, an invalid snprintf() call could be fixed as follows:
   -snprintf(buf, buflen, "%s plus %d", buf, k);
   +snprintf(buf + strlen(buf), buflen - strlen(buf), " plus %d", k);
 .
 Please forward this report upstream as appropriate. For more
 information, see
   https://launchpad.net/bugs/305901
   http://sourceware.org/bugzilla/show_bug.cgi?id=7075
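
The append pattern from the fix above, wrapped as a reusable helper; this is an added example, not part of the original report or of any affected package. It goes beyond the one-line fix by locating the terminator with a bounded search and by reporting truncation; buf_appendf and demo are hypothetical names and the sample strings are constructed.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* buf_appendf is a hypothetical helper name, not from the bug report.
 * Appends formatted text to the NUL-terminated string in buf[0..buflen-1]
 * without ever passing buf as one of its own source arguments.
 * Returns 0 on success, 1 if the output was truncated, -1 on error. */
int buf_appendf(char *buf, size_t buflen, const char *fmt, ...)
{
    if (buf == NULL || fmt == NULL || buflen == 0)
        return -1;
    /* Bounded search: strlen() would read past an unterminated buffer. */
    const char *end = memchr(buf, '\0', buflen);
    if (end == NULL)
        return -1;
    size_t used = (size_t)(end - buf);
    size_t room = buflen - used;      /* always >= 1: space for the NUL */

    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(buf + used, room, fmt, ap);
    va_end(ap);

    if (n < 0)
        return -1;
    return (size_t)n >= room ? 1 : 0;
}

/* Constructed sample: start from "total" and append " plus <k>". */
int demo(char *out, size_t outlen, int k)
{
    if (out == NULL || outlen == 0)
        return -1;
    out[0] = '\0';
    int rc = buf_appendf(out, outlen, "%s", "total");
    if (rc != 0)
        return rc;
    return buf_appendf(out, outlen, " plus %d", k);
}

int main(void)
{
    char big[32], small[8];
    printf("%d \"%s\"\n", demo(big, sizeof big, 7), big);
    printf("%d \"%s\"\n", demo(small, sizeof small, 7), small);
    return 0;
}
```

A return value of 1 means the appended text did not fit and the buffer holds a truncated but still terminated string.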