6 Sep
2018
6 Sep
'18
3:43 p.m.
On Thu, Sep 6, 2018 at 6:28 PM, Huw Davies huw.davies@physics.ox.ac.uk wrote:
I suggest we do the sprintf ourselves. All we'd need to do is replace the first occurrence of '%s' with the appropriate string. We can ignore width/precision specifiers for now unless we find that an app actually depends on them.
You mean you want the code itself to replace the %s with the string without using sprintf? But then %12s wouldn't work, though I don't think it's really useful... but if you're really fine with that I'll go and do it.
This way we won't need patch 4/17 either (which guards against multiple such args, e.g. two %s would use some string off the stack which can lead to crash or vulnerability) since the rest will simply be displayed as %s.