RFR: 8373475: Unintentional format string in logString of AccessInfo.cpp [v3]
Phil Race
prr at openjdk.org
Tue Dec 23 20:30:52 UTC 2025
On Tue, 23 Dec 2025 20:02:11 GMT, Damon Nguyen <dnguyen at openjdk.org> wrote:
>> This update is to fix the potential issue where tmpbuf can be read as a format argument for `fprintf`. I have added a specifier here to avoid this issue since the string from tmpbuf is not guaranteed to not cause issues. This update should make this print more reliable and safe to use.
>
> Damon Nguyen has updated the pull request incrementally with one additional commit since the last revision:
>
> fputs and copyright
Marked as reviewed by prr (Reviewer).
wait where's the \n gone ?
Changes requested by prr (Reviewer).
src/jdk.accessibility/windows/native/toolscommon/AccessInfo.cpp line 100:
> 98: vsnprintf(tmpbuf, sizeof(tmpbuf), msg, argprt);
> 99:
> 100: fputs(tmpbuf, logfile);
unless I'm missing something you'd need to add a 2nd fputs for the newline or go back to fprintf like before the latest comment.
-------------
PR Review: https://git.openjdk.org/jdk/pull/28950#pullrequestreview-3609240326
Changes requested by prr (Reviewer).
PR Review: https://git.openjdk.org/jdk/pull/28950#pullrequestreview-3609242082
PR Review: https://git.openjdk.org/jdk/pull/28950#pullrequestreview-3609251549
PR Review Comment: https://git.openjdk.org/jdk/pull/28950#discussion_r2644198603
More information about the client-libs-dev
mailing list