This is the mail archive of the gcc-patches@gcc.gnu.org mailing list for the GCC project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Re: [Patch, libfortran] Replace sprintf() with snprintf()

From: Jerry DeLisle <jvdelisle at frontier dot com>
To: Janne Blomqvist <blomqvist dot janne at gmail dot com>
Cc: Fortran List <fortran at gcc dot gnu dot org>, GCC Patches <gcc-patches at gcc dot gnu dot org>
Date: Fri, 15 Apr 2011 05:34:28 -0700
Subject: Re: [Patch, libfortran] Replace sprintf() with snprintf()
References: <BANLkTim1Z06Edetw=pUZmKhNrVsoaS0Vog@mail.gmail.com>

On 04/14/2011 11:53 PM, Janne Blomqvist wrote:

Hi,

as is well known, sprintf() is prone to buffer overflow, hence
snprintf(). libgfortran uses snprintf() in some places, but not
everywhere. Rather than analyzing every sprintf() call for a potential
overflow, the attached patch takes the dogmatic but simple approach of
replacing all the remaining sprintf() usage with snprintf().

For targets without snprintf(), io/list_read.c contained a fallback
macro that uses sprintf(); this is moved to libgfortran.h so that it's
available everywhere.

readelf -s libgfortran.so|grep sprintf

confirms that there is no remaining usage of sprintf().

Regtested on x86_64-unknown-linux-gnu, Ok for trunk?

OK, thanks.

Jerry

References:
- [Patch, libfortran] Replace sprintf() with snprintf()
  - From: Janne Blomqvist

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]