On Wed, Dec 31, 2008 at 07:01:44PM -0800, Nicholas Breen wrote:
> While fixing one of the affected packages, I discovered that it was
> using similarly problematic syntax to act as a strcat replacement of the
> form 'sprintf(buf, "%s\n", buf)', which that regexp didn't catch. I
> can't imagine that's a common mistake, but it's easy enough to match on
> as well:
>
> pcregrep -M 'sprintf\s*\(\s*([^,]*)\s*,\s*"%s[^"]*"\s*,\s*\1\s*[,)]'

Oh! Good catch, thank you. I've started a re-run with the regex changed.
So far, it's already caught new stuff. I'll post updated details once it
has finished.

--
Kees Cook
@debian.org
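
The regex quoted in the message, run over a small constructed C file to show what it flags and what it lets through. This is an added example, not part of the original thread; `find_self_appends` and the sample source are assumptions made for illustration, and Python's `re` stands in for `pcregrep -M`.

```python
import re

# Regex quoted in the message above, unchanged. pcregrep -M lets a match span
# lines; re.finditer over the whole file text gives the same effect because
# \s and [^,]* both match newlines.
SELF_APPEND = re.compile(
    r'sprintf\s*\(\s*([^,]*)\s*,\s*"%s[^"]*"\s*,\s*\1\s*[,)]'
)


def find_self_appends(source):
    """Return (line_number, destination_expression) for each match."""
    hits = []
    for m in SELF_APPEND.finditer(source):
        # 1-based line on which the matched call starts.
        line = source.count("\n", 0, m.start()) + 1
        hits.append((line, m.group(1).strip()))
    return hits


# Constructed sample C source (not taken from any real package).
SAMPLE = r'''
void f(char *buf, char *out, struct s *p, int n) {
    sprintf(buf, "%s\n", buf);       /* line 3: flagged */
    sprintf(out, "%s\n", buf);       /* distinct buffers: not flagged */
    sprintf(p->msg,
            "%s: %d",
            p->msg, n);              /* call starts on line 5: flagged */
    sprintf(buf, "%s", buffer);      /* different identifier: not flagged */
    snprintf(buf, 64, "%s!", buf);   /* not flagged: pattern only names sprintf */
}
'''

if __name__ == "__main__":
    for line, dest in find_self_appends(SAMPLE):
        print(f"line {line}: sprintf reads and writes {dest!r}")
```

The last sample line shows a gap worth knowing about when triaging results: the same overlapping source and destination written with `snprintf` is outside what this pattern matches.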