Date: Wed, 8 Sep 2010 08:51:57 -0700
From: mdf@FreeBSD.org
To: freebsd-current@freebsd.org
Subject: deprecating sprintf(9)
Message-ID: <AANLkTikO1v7YMFKVZkHZDmurcyfq0QbTkPxG=LNBdKSp@mail.gmail.com>

Looking at the uses of kvprintf(9), only [v]sprintf(9) doesn't have a callback function. It seems a little sketchy to me to be doing unsafe sprintf in the kernel anyways.

Should we (and by we, I mean me) deprecate sprintf(9) and convert the existing 1200+ uses to strcpy(9) for fixed strings (also potentially bad, but a different beast), or snprintf(9) where the size of the buffer is known?

It seems like a large project, but OTOH sprintf(9) is mighty unsafe in the kernel. It's disapproved of for user-space as being unsafe for security reasons as well, but the potential downsides aren't the same, and we'll never clean up ports anyways. :-)

Thoughts?

matthew
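
An added example, not part of the original message or of FreeBSD source, of the conversion the message proposes for buffers of known size: a bounded formatter that reports truncation, next to a helper that measures how many bytes the unbounded sprintf call would have written. It uses userspace libc snprintf as a stand-in for snprintf(9), assuming the same return-value convention; `sprintf_need`, `format_devname`, the 8-byte buffer and the driver names are constructed for illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

#define NAMELEN 8 /* constructed fixed-size destination, e.g. a struct field */

/* Bytes (including NUL) that sprintf(buf, "%s%d", driver, unit) would write. */
static size_t
sprintf_need(const char *driver, int unit)
{
	int n = snprintf(NULL, 0, "%s%d", driver, unit);
	return (n < 0 ? 0 : (size_t)n + 1);
}

/*
 * Bounded replacement: never writes past buf[buflen - 1], always
 * NUL-terminates, and returns an errno value on truncation instead of
 * silently overrunning or silently cutting the name short.
 */
static int
format_devname(char *buf, size_t buflen, const char *driver, int unit)
{
	int n;

	if (buflen == 0)
		return (EINVAL);
	n = snprintf(buf, buflen, "%s%d", driver, unit);
	if (n < 0)
		return (EINVAL);
	if ((size_t)n >= buflen)	/* output did not fit */
		return (ENAMETOOLONG);
	return (0);
}

int
main(void)
{
	char name[NAMELEN];
	const char *drivers[] = { "em", "vtnet", "longdrv" }; /* constructed */
	int units[] = { 0, 12, 100 };

	for (size_t i = 0; i < 3; i++) {
		int error = format_devname(name, sizeof(name), drivers[i], units[i]);
		printf("%-8s need=%zu have=%zu error=%d result=\"%s\"\n",
		    drivers[i], sprintf_need(drivers[i], units[i]),
		    sizeof(name), error, name);
	}
	return (0);
}
```

The third input needs 11 bytes for an 8-byte buffer: the sprintf form would write 3 bytes past the end, while the bounded form leaves a terminated "longdrv" and returns ENAMETOOLONG for the caller to handle.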