[Bug other/83520] format string bug in libvtv

["jakub at gcc dot gnu.org" <gcc-bugzilla at gcc dot gnu dot org>]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=83520

Jakub Jelinek <jakub at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |jakub at gcc dot gnu.org

--- Comment #1 from Jakub Jelinek <jakub at gcc dot gnu.org> ---
There is another
  snprintf (program_name, sizeof (program_name), program_invocation_name);
elsewhere, also
  /* Find the first non-escaped space in the program name and make it
     the end of the string.  */
  cptr = strchr (program_name, ' ');
  if (cptr != NULL && cptr[-1] != '\\')
    cptr[0] = '\0';
stuff (what would escape anything in the program_invocation_name or getexecname
() result)?
GNU C library certainly doesn't and doesn't append any arguments there either,
so at least for glibc it should just use program_name instead of
program_invocation_name and remove this copying and munging.  Just tried
running a program with spaces in the filename and nothing was escaped.
Now, if there is anything that actually escapes, then it should be done only on
targets where it is escaped, and I'd expect that \s in that case would be two
backslash characters, so running 'abc\' program with argument 'def' would
result in "abc\\\\ def" program_name.  The condition also doesn't find the
first non-escaped space, just checks if the first space isn't even potentially
escaped, otherwise does nothing.
In the second case with
  snprintf (program_name, sizeof (program_name), program_invocation_name);
there is no attempt to do modify program_name in any way, so I don't see any
reason not to use program_invocation_name directly and avoid any copying
whatsoever.