On 03/29/2012 12:35 PM, Eric Blake wrote:
> Any thoughts before I push this?

Yes, thanks, this is the sort of thing that I had in mind in the earlier thread today about this <http://lists.gnu.org/archive/html/bug-gnulib/2012-03/msg00183.html>.

Some comments about the patch details:

The GNULIB_GETS line needs to be removed from modules/stdio.

Shouldn't we also remove the definition of gets from lib/stdio-read.c?

Should the GNULIB_TEST_GETS chunk be removed from test-stdio-c++.cc?

doc/posix-functions/gets.texi needs to be updated to match the other changes.

The comment in stdio.in.h about sprintf should be updated to not also talk about gets. Something like this:

-/* Some people would argue that sprintf should be handled like gets - (for example, OpenBSD issues a link warning for both functions), - since both can cause security holes due to buffer overruns. +/* Some people would argue that all sprintf uses should be warned about + (for example, OpenBSD issues a link warning for it), + since it can cause security holes due to buffer overruns. However, we believe that sprintf can be used safely, and is more efficient than snprintf in those safe cases; and as proof of our
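
Review bot: In the first added line, "all sprintf uses should be warned about" is an awkward passive that ends on a preposition; wording such as "that every use of sprintf should trigger a warning" says the same thing more directly. With gets dropped from the sentence, the "it" in "issues a link warning for it" and "since it can cause security holes" refers only to sprintf, so the rest of the added lines read correctly as they stand.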