all repos — slstatus @ 25eb9ff35e76312b09ff5613c9a3cc1275938680

my build of slstatus (tools.suckless.org/slstatus/) 

FIXME: buffer overflow warning
Ali H. Fardan raiz@firemail.cc
Sun, 28 Aug 2016 16:30:12 +0300
commit

25eb9ff35e76312b09ff5613c9a3cc1275938680

parent

24c4134df6e0f7dc86e5f3c57342d2b60b1e5dab

1 files changed, 7 insertions(+), 7 deletions(-)

jump to
M slstatus.cslstatus.c 
@@ -78,17 +78,17 @@ 
 static char *
 smprintf(const char *fmt, ...)
 {
-	va_list fmtargs;
-	char tmp[120];
+	/* FIXME: This code should have
+	bound checks, it is vulnerable to
+	buffer overflows */
+	va_list ap;
 	char *ret = NULL;
 
-	va_start(fmtargs, fmt);
-	snprintf(tmp, sizeof(tmp)-1, fmt, fmtargs);
-	tmp[sizeof(tmp)] = '\0';
-	if (asprintf(&ret, "%s", tmp) < 0)
+	va_start(ap, fmt);
+	if (vasprintf(&ret, fmt, ap) < 0)
 		return NULL;
 
-	va_end(fmtargs);
+	va_end(ap);
 	return ret;
 }