On Sun, Dec 28, 2008 at 01:51:45PM -0600, Steve Langasek wrote: > On Sun, Dec 28, 2008 at 12:42:46AM -0800, Kees Cook wrote: > > samba > > Another false positive, AFAICS: > > $ pcregrep -rM 'sprintf\s*\(\s*([^,]*)\s*,\s*"%s[^"]*"\s*,\s*\1\s*,' source > source/libads/kerberos.c: fname = talloc_asprintf(dname, > "%s/krb5.conf.%s", dname, domain);
Thanks, I've marked samba and wmi as false alarms. > Perhaps adding a \b to the front of the regexp would be appropriate? I didn't include a word-break intentionally; I think the benefits are greater, since it catches luckily-named variations like g_sprintf (which I knew of ahead of time) and ircsprintf (found during search). -Kees -- Kees Cook @debian.org -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
