On Mon, 15 May 2023 18:46:00 GMT, Xue-Lei Andrew Fan <xue...@openjdk.org> wrote:

> Hi,
>
> This is a redo of JDK-8307855, where issues were found after integration.
>
> The sprintf is deprecated in Xcode 14, and Microsoft Virtual Studio, because of security concerns. The issue was addressed in [JDK-8296812](https://bugs.openjdk.org/browse/JDK-8296812) for building failure, and [JDK-8299378](https://bugs.openjdk.org/browse/JDK-8299378)/[JDK-8299635](https://bugs.openjdk.org/browse/JDK-8299635)/[JDK-8301132](https://bugs.openjdk.org/browse/JDK-8301132) for testing issues. This is a break-down update for sprintf uses in the src/utils directory.
>
> Thanks,
> Xuelei

src/utils/hsdis/binutils/hsdis-binutils.c line 248:

> 246: size_t used_size = strlen(close);
> 247: char* p = buf + used_size;
> 248: bufsize -= used_size;

May not happen in practice, but if `used_size` is larger than `bufsize` this will wrap to a very large value. Perhaps the `strcpy` above should also be an `snprintf`, and the return value handled the same way as for the subsequent `snprintf` calls?

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/13995#discussion_r1194394358
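
The `size_t` wrap raised in the review comment above, next to a bounds-checked append, as an added example that is not code from the JDK pull request or from either participant. The helper names (`remaining_unchecked`, `append_checked`, `build_tag`) and the sample strings are hypothetical and constructed for illustration.

```c
#include <stdarg.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* The arithmetic the review comment warns about: unsigned subtraction with
   no bounds check. If used > bufsize the result wraps to a huge size_t. */
static size_t remaining_unchecked(size_t bufsize, size_t used) {
  return bufsize - used;
}

/* Hypothetical helper: append formatted text at *pos inside buf[bufsize].
   Returns 0 on success, -1 on encoding error or truncation. *pos advances
   only on success, so it can never move past bufsize. */
static int append_checked(char* buf, size_t bufsize, size_t* pos,
                          const char* fmt, ...) {
  if (*pos >= bufsize) return -1;       /* no room; also prevents the wrap */
  size_t avail = bufsize - *pos;
  va_list ap;
  va_start(ap, fmt);
  int n = vsnprintf(buf + *pos, avail, fmt, ap);
  va_end(ap);
  if (n < 0 || (size_t)n >= avail) {    /* error, or output was truncated */
    buf[*pos] = '\0';                   /* discard the partial write */
    return -1;
  }
  *pos += (size_t)n;
  return 0;
}

/* Builds "<prefix> key='value'" in out; the first piece goes through the
   same checked path as the later ones instead of strcpy. */
static int build_tag(char* out, size_t outsize, const char* prefix,
                     const char* key, const char* value) {
  size_t pos = 0;
  if (append_checked(out, outsize, &pos, "%s", prefix) != 0) return -1;
  return append_checked(out, outsize, &pos, " %s='%s'", key, value);
}

int main(void) {
  char small[6], big[64];               /* constructed sample buffers */
  printf("unchecked: %zu\n", remaining_unchecked(8, 12));
  printf("small: %d\n", build_tag(small, sizeof small, "</tag>", "k", "v"));
  int rc = build_tag(big, sizeof big, "</tag>", "k", "v");
  printf("big: %d, %zu bytes: %s\n", rc, strlen(big), big);
  return 0;
}
```
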