On 11/4/24 09:47, Gerd Hoffmann wrote:
Hi,
Due to security concerns inherent in the design of sprintf(3),
it is highly recommended that you use snprintf(3) instead.
- char response[40];
+ g_autofree char *response = NULL;
- sprintf(response, "\033[%d;%dR",
+ response = g_strdup_printf("\033[%d;%dR",
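Review bot: the `+` lines swap the 40-byte stack buffer for a heap allocation via g_strdup_printf(), although the quoted commit message itself recommends snprintf(3). The format "\033[%d;%dR" with two %d arguments expands to at most 26 characters when int is 32 bits, so `char response[40]` already holds it with room for the terminator. Consider keeping the array and calling snprintf(response, sizeof(response), ...) with a check of the return value, which bounds the write without adding an allocation.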
Any specific reason why you don't go with the recommendation above?
While using g_strdup_printf() isn't wrong, it allocates memory which
is not needed here because you can continue to use the stack buffer
this way:
snprintf(response, sizeof(response), ...);
I thought GLib/GString was recommended for formatting, so I chose
this thinking mostly about style. Indeed, in this case snprintf()
is sufficient. I'll respin, thanks.
take care,
Gerd
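
The snprintf() variant discussed in this thread, as an added example that is not code from the patch or from either participant: it keeps the 40-byte stack buffer and checks the return value so a truncated escape sequence is never sent. The helper name `format_cpr` and the `row`/`col` arguments are assumptions, since the thread elides the original arguments; the 26-byte worst case assumes a 32-bit int.

```c
#include <limits.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/*
 * Hypothetical helper (not from the patch): format "ESC [ row ; col R"
 * into a caller-supplied buffer.
 * Returns the number of characters written (excluding the NUL), or -1
 * if formatting failed or the output did not fit in the buffer.
 */
static int format_cpr(char *buf, size_t len, int row, int col)
{
    /* snprintf() writes at most len bytes and returns the length the
     * full output would have had, so n >= len means truncation. */
    int n = snprintf(buf, len, "\033[%d;%dR", row, col);

    if (n < 0 || (size_t)n >= len) {
        if (len > 0) {
            buf[0] = '\0';   /* never hand back a partial sequence */
        }
        return -1;
    }
    return n;
}

int main(void)
{
    char response[40];   /* same size as the buffer in the quoted patch */
    char tiny[8];        /* constructed: deliberately too small */

    /* Typical terminal position. */
    printf("typical:     %d\n", format_cpr(response, sizeof(response), 24, 80));

    /* Widest possible %d output: INT_MIN for both fields. */
    printf("worst case:  %d\n",
           format_cpr(response, sizeof(response), INT_MIN, INT_MIN));

    /* Output longer than the buffer is reported, not silently cut. */
    printf("tiny buffer: %d\n", format_cpr(tiny, sizeof(tiny), 1000, 1000));
    return 0;
}
```
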