RFR: 8373474: 2 Unintentional format string defect groups in jabswitch.cpp [v2]
Damon Nguyen
dnguyen at openjdk.org
Mon Dec 22 20:48:38 UTC 2025
On Mon, 22 Dec 2025 14:25:46 GMT, Alexander Zvegintsev <azvegint at openjdk.org> wrote:
>> Damon Nguyen has updated the pull request incrementally with one additional commit since the last revision:
>>
>> Update printf
>
> src/jdk.accessibility/windows/native/jabswitch/jabswitch.cpp line 231:
>
>> 229: char str[100] = "assistive_technologies=com.sun.java.accessibility.AccessBridge\n";
>> 230: strcat_s(str, "screen_magnifier_present=true\n");
>> 231: fprintf(origFile, "%s", str);
>
> Why do we need the `str` buffer at all?
>
> Shouldn't `fprintf` be enough?
>
>
> fprintf(origFile,
> "assistive_technologies=com.sun.java.accessibility.AccessBridge\n"
> "screen_magnifier_present=true\n");
Updated, thanks!
> src/jdk.accessibility/windows/native/jabswitch/jabswitch.cpp line 321:
>
>> 319: strcat_s(outputString, versionString);
>> 320: strcat_s(outputString, "\njabswitch enables or disables the Java Access Bridge.\n");
>> 321: printf("%s", outputString);
>
> Same for the `outputString`
>
>
> printf(
> "jabswitch %s\n"
> "jabswitch enables or disables the Java Access Bridge.\n",
> versionString
> );
I have also updated this. I was initially skeptical of the implications of replacing the vars entirely, but now I agree that this replacement should be safer.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/28949#discussion_r2641189410
PR Review Comment: https://git.openjdk.org/jdk/pull/28949#discussion_r2641191643
More information about the client-libs-dev
mailing list