#63 missing double-quotes for sprintf formatting strings

closed-fixed
None
3
2009-06-22
2009-06-20
orbitcowboy
No

Hello,

I have checked the sources of expect-5.44.1 with the static code analysis tool cppcheck. The tool brought up a little issue in the file "pty_unicos.c".
It prints the following output:

[expect-5.44.1/pty_unicos.c:94]: (error) No pair for character ("). Can't process file. File is either invalid or unicode, which is currently not supported.
[expect-5.44.1/pty_unicos.c:92]: (error) No pair for character ("). Can't process file. File is either invalid or unicode, which is currently not supported.

Take a look at lines 92 and 94 of pty_unicos.c:

#ifdef STTY_READS_STDOUT
sprintf(buf,%s %s > %s",STTY_BIN,s,name);
#else
sprintf(buf,%s %s < %s",STTY_BIN,s,name);
#endif

To me it looks like the analysis tool is right?

The corrected code is:

#ifdef STTY_READS_STDOUT
sprintf(buf,"%s %s > %s",STTY_BIN,s,name);
#else
sprintf(buf,"%s %s < %s",STTY_BIN,s,name);
#endif

Best regards

Ettl Martin

Discussion

  • Thanks for the report. Fixed in CVS head. This looks like an old bug in code for a platform very seldom used nowadays, which is why it could hide so long: it was never compiled. Not sure why the summary talked about memory leaks; this was nothing like that.

     
    • priority: 5 --> 3
    • assigned_to: nobody --> andreas_kupries
    • summary: found a possible memory leak --> missing double-quotes for sprintf formatting strings
    • status: open --> closed-fixed