From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <sourceware-bugzilla@sourceware.org>
Received: by sourceware.org (Postfix, from userid 48)
 id 51259385AE64; Thu, 23 Jun 2022 15:42:44 +0000 (GMT)
DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 51259385AE64
From: "sean@rogue-research.com" <sourceware-bugzilla@sourceware.org>
To: bzip2-devel@sourceware.org
Subject: [Bug bzip2/29280] New: Replace sprintf with safer snprintf
Date: Thu, 23 Jun 2022 15:42:44 +0000
X-Bugzilla-Reason: CC
X-Bugzilla-Type: new
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: bzip2
X-Bugzilla-Component: bzip2
X-Bugzilla-Version: unspecified
X-Bugzilla-Keywords: 
X-Bugzilla-Severity: normal
X-Bugzilla-Who: sean@rogue-research.com
X-Bugzilla-Status: UNCONFIRMED
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: P2
X-Bugzilla-Assigned-To: nobody at sourceware dot org
X-Bugzilla-Target-Milestone: ---
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: bug_id short_desc product version bug_status
 bug_severity priority component assigned_to reporter cc target_milestone
Message-ID: <bug-29280-11876@http.sourceware.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: http://sourceware.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: bzip2-devel@sourceware.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Bzip2-devel mailing list <bzip2-devel.sourceware.org>
List-Unsubscribe: <https://sourceware.org/mailman/options/bzip2-devel>,
 <mailto:bzip2-devel-request@sourceware.org?subject=unsubscribe>
List-Archive: <https://sourceware.org/pipermail/bzip2-devel/>
List-Help: <mailto:bzip2-devel-request@sourceware.org?subject=help>
List-Subscribe: <https://sourceware.org/mailman/listinfo/bzip2-devel>,
 <mailto:bzip2-devel-request@sourceware.org?subject=subscribe>
X-List-Received-Date: Thu, 23 Jun 2022 15:42:44 -0000

https://sourceware.org/bugzilla/show_bug.cgi?id=3D29280

            Bug ID: 29280
           Summary: Replace sprintf with safer snprintf
           Product: bzip2
           Version: unspecified
            Status: UNCONFIRMED
          Severity: normal
          Priority: P2
         Component: bzip2
          Assignee: nobody at sourceware dot org
          Reporter: sean@rogue-research.com
                CC: bzip2-devel at sourceware dot org
  Target Milestone: ---

bzip2 has one call to sprintf in git master.

sprintf is dangerous because it's easy to overrun the buffer.  Building on
OpenBSD and macOS produce compiler warnings upon any use of the function.

Would be nice to change this one use to snprintf, which takes the buffer si=
ze.

--=20
You are receiving this mail because:
You are on the CC list for the bug.=