RFR: 8373475: Unintentional format string in logString of AccessInfo.cpp [v2]
Damon Nguyen
dnguyen at openjdk.org
Tue Dec 23 20:02:12 UTC 2025
On Tue, 23 Dec 2025 19:54:41 GMT, Phil Race <prr at openjdk.org> wrote:
>> src/jdk.accessibility/windows/native/toolscommon/AccessInfo.cpp line 100:
>>
>>> 98: vsnprintf(tmpbuf, sizeof(tmpbuf), msg, argprt);
>>> 99:
>>> 100: fprintf(logfile, "%s\n", tmpbuf);
>>
>> Why can't we use [`fputs`](https://en.cppreference.com/w/c/io/fputs.html) and avoid all the format string logic and ambiguity altogether?
>>
>> Alternatively, *use `vfprintf` directly* instead of first formatting the arguments into a temporary buffer with `vsnprintf` and then sending the result to the output.
>
> A similar pattern is used elsewhere in this file. And I don't want this fix to become a reworking of this code, because that isn't a goal here.
After reading about fputs, I think this is best. Like you mentioned, no ambiguity since it does not use specifiers. Updated.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/28950#discussion_r2644149850
More information about the client-libs-dev
mailing list