RFR: 8373475: Unintentional format string in logString of AccessInfo.cpp
Alexander Zvegintsev
azvegint at openjdk.org
Mon Dec 22 12:51:05 UTC 2025
On Mon, 22 Dec 2025 05:30:11 GMT, Damon Nguyen <dnguyen at openjdk.org> wrote:
> This update is to fix the potential issue where tmpbuf can be read as a format argument for `fprintf`. I have added a specifier here to avoid this issue since the string from tmpbuf is not guaranteed to not cause issues. This update should make this print more reliable and safe to use.
src/jdk.accessibility/windows/native/toolscommon/AccessInfo.cpp line 101:
> 99:
> 100: fprintf(logfile, "%s", tmpbuf);
> 101: fprintf(logfile, "\n");
Suggestion:
fprintf(logfile, "%s\n", tmpbuf);
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/28950#discussion_r2639781528
More information about the client-libs-dev
mailing list