Dear all, I am updating a CRAN-archived R package, so it can get back to CRAN. But there is a warning produced in Linux OS that I am not sure to understand and I do not know how to solve, even after looking at ‘Writing portable packages’ in the ‘Writing R Extensions’ manual and after searching in the web. The warning is
> * checking compiled code ... WARNING > File ‘ccckc/libs/ccckc.so’: > Found ‘sprintf’, possibly from ‘sprintf’ (C) > Object: ‘criteria.o’ > > Compiled code should not call entry points which might terminate R nor > write to stdout/stderr instead of to the console, nor use Fortran I/O > nor system RNGs nor [v]sprintf. > See ‘Writing portable packages’ in the ‘Writing R Extensions’ manual. The package contains both C and Fortran code and in the criteria.c there is only a sprintf use, as follows: sprintf(msg,"criteria: error (%d) -> %s\n", inErr, errStr); Rf_error(msg); May be the reason of the warning the next line the ‘Writing R Extensions’ manual? > Use ofsprintfandvsprintfis regarded as a potential security risk and warned > about on some > platforms.[82](https://cran.r-project.org/doc/manuals/R-exts.html#FOOT82)R > CMD checkreports if any calls are found. If that is the reason, is there any alternative to the use of sprintf? Anyway, what can I do? Thanks you in advance for your time. Kind regards, Iago Sent with [Proton Mail](https://proton.me/) secure email. [[alternative HTML version deleted]] ______________________________________________ R-package-devel@r-project.org mailing list https://stat.ethz.ch/mailman/listinfo/r-package-devel