sblim-gather fails to compile with GCC when "-Werror=format-security" flag is used. It's because of usage of fprintf/sprintf/printf functions where the format string is not a string literal and there are no format arguments. This may be a security hole if the format string came from untrusted input and contains %n.
Attached patch fixes this issue.
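
The pattern this report describes and its usual fix, as an added example that is not taken from sblim-gather or the attached patch. `log_fmt`, `report_flagged`, `report_fixed` and `print_fixed` are hypothetical names, and the sample string is constructed.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical logging wrapper (assumption, not sblim-gather code).
 * The format attribute makes GCC apply -Wformat and -Wformat-security
 * to callers of the wrapper, not only to direct printf-family calls. */
__attribute__((format(printf, 3, 4)))
int log_fmt(char *out, size_t n, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int len = vsnprintf(out, n, fmt, ap);
    va_end(ap);
    return len;
}

#ifdef SHOW_FLAGGED
/* Pattern rejected by -Werror=format-security: msg is the format string
 * and there are no arguments, so any % directive in msg is interpreted.
 * Build with -DSHOW_FLAGGED -Werror=format-security to see the error. */
int report_flagged(char *out, size_t n, const char *msg)
{
    return log_fmt(out, n, msg);
}
#endif

/* Fixed pattern: constant format string, msg passed as data. */
int report_fixed(char *out, size_t n, const char *msg)
{
    return log_fmt(out, n, "%s", msg);
}

/* Fix when no formatting is needed: fputs() takes no format string. */
int print_fixed(FILE *fp, const char *msg)
{
    return fputs(msg, fp);
}

int main(void)
{
    char buf[64];
    const char *untrusted = "metric %n %s %x"; /* constructed sample input */
    report_fixed(buf, sizeof buf, untrusted);
    print_fixed(stdout, buf);
    putchar('\n');
    return strcmp(buf, untrusted) != 0; /* 0: directives were copied verbatim */
}
```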