    Kill a use of %n format specifier · e2c48b98
    Greg Steuck authored and Marge Bot committed
    This format has been used as a security exploit vector for decades
    now.  Some operating systems (OpenBSD, Android, MSVC). It is targeted
    for removal in C2X standard:
    This requires extending the debug message function to return the
    number of bytes written (like printf(3)), to permit %n format
    specifier in one invocation of statsPrintf() in
    Implemented by Matthias Kilian (kili<AT>
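
The general pattern the commit message describes, as an added illustration that is not code from this commit or the project: a formatting wrapper returns the byte count the way printf(3) does, so the caller no longer needs `%n` to learn how far it has written. The names `stats_snprintf` and `format_row`, and the column-alignment use case, are assumptions made for the example.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical wrapper (not the project's statsPrintf): formats into buf and
 * returns the number of bytes written, or -1 on error or truncation. */
static int stats_snprintf(char *buf, size_t cap, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(buf, cap, fmt, ap);
    va_end(ap);
    if (n < 0 || (size_t)n >= cap)
        return -1;
    return n;
}

/* Before (the pattern being removed): the count is stored through a pointer
 * named in the argument list, e.g.  printf("%s: %n", label, &used);
 * After: the count is the return value, so no format string contains a
 * directive that writes to memory. Writes "label: " and then pads so the
 * value starts at the requested column. Returns total bytes or -1. */
int format_row(char *out, size_t cap, const char *label,
               const char *value, int column)
{
    int used = stats_snprintf(out, cap, "%s: ", label);
    if (used < 0)
        return -1;
    int pad = column > used ? column - used : 0;
    int more = stats_snprintf(out + used, cap - (size_t)used,
                              "%*s%s", pad, "", value);
    if (more < 0)
        return -1;
    return used + more;
}

int main(void)
{
    char row[64];
    /* Constructed sample values, not output from the project. */
    if (format_row(row, sizeof row, "GC", "0.120s", 10) > 0)
        puts(row);
    if (format_row(row, sizeof row, "Mutator", "1.500s", 10) > 0)
        puts(row);
    return 0;
}
```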