On 2022-12-16 09:03:39 -0700, Theo de Raadt wrote:
> Vincent Lefevre wrote:
>
> > BTW, if developers use an untrusted format string, then sprintf()
> > is unsafe too (possible buffer overflow), and at some point,
> > printf() too.
>
> what are you trying
On 2022-12-15 18:56:15 -0700, Theo de Raadt wrote:
> There are almost no %n left in the software ecosystem. If we are able
> to make this crossing, everyone else is also capable, and eventually
> will. Just like with gets().
FYI, this breaks GMP, whose configure script insists on %n being
>Synopsis: incorrect MPFR build with thread-local storage and shared library
>Category: mips64
>Environment:
System : OpenBSD 6.9
Details : OpenBSD 6.9 (GENERIC.MP) #551: Sun Apr 18 03:06:59 MDT 2021