[Zlib-devel] gzprintf() bug/"feature"
Mark Adler
mark.adler at quest.jpl.nasa.gov
Thu Mar 13 01:31:00 EST 2003
On Wednesday, March 12, 2003, at 11:14 PM, Greg Roelofs wrote:
> What's the status of the gzprintf() buffer-overrun bug? Is vsnprintf()
> now turned on by default on platforms that support it?
Yes. And when ./configure is run it will warn you if an insecure
version of printf is being used. It would be nice if someone with a
compiler that in fact doesn't have snprint() or vsnprintf() could
verify that. By the way, I also rigged it so that if you don't run
./configure, it will try to use vsnprintf() or snprintf() by default,
so if they aren't present it will result in an error if you ever try to
link gzprintf().
mark
More information about the Zlib-devel
mailing list