On Thu, Sep 6, 2018 at 6:28 PM, Huw Davies <huw.davies(a)physics.ox.ac.uk> wrote:
I suggest we do the sprintf ourselves. All we'd need to do is replace the first occurrence of '%s' with the appropriate string. We can ignore width/precision specifiers for now unless we find that an app actually depends on them.
You mean you want the code itself to replace the %s with the string without using sprintf? But then %12s wouldn't work, though I don't think it's really useful... but if you're really fine with that I'll go and do it. This way we won't need patch 4/17 either (which guards against multiple such args, e.g. two %s would use some string off the stack which can lead to crash or vulnerability) since the rest will simply be displayed as %s.