Think about what happens if:
char *s = "%s";
So the first version is more secure than the second.
The second works only if s doesn't contain printf formatting characters.
Maarten Brock wrote:
> Hi all,
> I found this difference in for instance as/mcs51/asout.c vs. as/z80/asout.c function outbuf(). The
> mcs51 uses:
> fprintf (ofp, "%s", s);
> The other uses:
> fprintf (ofp, s);
> The differences are there from their first commit. Is there a preferred syntax and why? Has it to do
> with buffer overrun vulnerabilities?
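
An added example, not part of this thread or of the project's source: the "%s" form from the discussion wrapped in a function, plus a check that reports whether a string would be parsed as a format if it were passed as the first fprintf argument. The names outbuf_safe and has_conversion and the sample strings are assumptions made for illustration.

```c
#include <stdio.h>

/* Hypothetical helper (not the project's outbuf()): write s as data.
 * With "%s" as the only format, bytes in s are never parsed as conversions. */
int outbuf_safe(FILE *ofp, const char *s)
{
    return fprintf(ofp, "%s", s);   /* fputs(s, ofp) writes the same bytes */
}

/* Hypothetical audit helper: returns 1 if fprintf(ofp, s) would read
 * arguments that were never passed, i.e. s holds a '%' that is not part
 * of a literal "%%". */
int has_conversion(const char *s)
{
    for (; *s != '\0'; s++) {
        if (*s != '%')
            continue;
        if (s[1] == '%') {  /* "%%" prints one '%', consumes no argument */
            s++;
            continue;
        }
        return 1;           /* conversion, or a dangling '%' (undefined) */
    }
    return 0;
}

int main(void)
{
    /* Constructed sample strings. */
    const char *samples[] = { "ld a,(hl)\n", "%s\n", "100%%\n", "%x%x%n\n" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        printf("has_conversion=%d  ", has_conversion(samples[i]));
        outbuf_safe(stdout, samples[i]);
    }
    return 0;
}
```

Building with -Wformat-security (GCC and Clang) flags call sites that pass a non-literal string as the format with no arguments.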