Vincent Lefevre <vinc...@vinc17.net> wrote:
> BTW, if developers use an untrusted format string, then sprintf()
> is unsafe too (possible buffer overflow), and at some point,
> printf() too.

What are you trying to say? Are you trying to say everyone, including you, should review and audit and re-audit all of them? Or are you saying the opposite: that we should all _give up_ trying to fix things, because some ISO committees lack the balls to remove very dangerous features which no one actually needs, and we should just accept the imperfect world we live in? You lost me..