On Tue, Nov 22, 2016 at 5:07 PM, Rich Felker <dal...@libc.org> wrote: >> Different projects choose their paranoias differently. >> >From its inception, bbox was paranoid about code size. >> >> If you see an actual bug where buffer can overflow, >> I'm more than willing to fix it. >> >> But if there is no actual bug, and it's just a general concern >> that "it looks unsafe", then code size trumps it. > > Have you stopped to consider the size from pulling in the deprecated > sprintf function to begin with? If all references to it were removed, > then static-linked busybox would only have snprintf, not sprintf. On > musl/i386 this would only save about 50 bytes but it might save more > on other archs or libcs.
I found nearly 200 instances of sprintf() use in current bbox git. I'm not embarking on a quest to replace all of them. _______________________________________________ busybox mailing list busybox@busybox.net http://lists.busybox.net/mailman/listinfo/busybox