Problem (unvalidated)

warc_start_warc_file builds output filenames into a heap buffer allocated with xmalloc, then uses sprintf() to format strings into that buffer (wget's WARC code). Tension: the allocation size is computed by hand, separately from the format string, so the two can drift apart as either side is edited; sprintf() performs no bounds checking and writes the full formatted string regardless of how large the destination is. Outcome: any mismatch between the hand-computed allocation size and the actual formatted length, for example a zero-padded integer field whose value outgrows the digit count assumed when sizing the buffer (a printf width is a minimum, not a maximum), becomes a heap buffer overflow. The check a reviewer wants is that the size arithmetic accounts for the maximum width of every conversion, or better, that the buffer is sized from the formatter itself (snprintf(NULL, 0, ...) or an allocating formatter such as asprintf) and the final write is bounded with snprintf() and its return value checked.
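The following C program is an added example and is not wget's code; it reconstructs the shape of the pattern described above. The stand-in xmalloc, the function names, the "base-NNNNN.ext" filename layout and the five-digit counter width are assumptions made for illustration. It puts the hand-computed allocation size next to the length sprintf() would actually emit, so the mismatch is visible without triggering the overflow, and shows the hardened form that sizes the buffer from the formatter and bounds the final write:

```c
/* Added example, not wget's code: contrasts a hand-sized sprintf() buffer
 * with a formatter-sized, bounded snprintf() buffer.  xmalloc, the name
 * pattern "base-NNNNN.ext" and COUNTER_WIDTH are assumptions. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Stand-in for a fail-fast allocator (wget's real xmalloc comes from gnulib). */
static void *xmalloc(size_t n)
{
    void *p = malloc(n);
    if (p == NULL) {
        fputs("out of memory\n", stderr);
        exit(1);
    }
    return p;
}

#define COUNTER_WIDTH 5   /* the digit count the size arithmetic assumes */

/* Hand-computed allocation size, mirroring the fragile pattern:
 * base + '-' + five counter digits + extension + NUL. */
static size_t planned_size(const char *base, const char *ext)
{
    return strlen(base) + 1 + COUNTER_WIDTH + strlen(ext) + 1;
}

/* Exact byte count (excluding NUL) sprintf() would emit for the same format.
 * "%05d" is a minimum field width: a counter of 100000 prints six digits,
 * a negative counter adds a sign, and the planned size no longer holds. */
static size_t actual_length(const char *base, int counter, const char *ext)
{
    int n = snprintf(NULL, 0, "%s-%0*d%s", base, COUNTER_WIDTH, counter, ext);
    return n < 0 ? 0 : (size_t)n;
}

/* Returns 1 when the hand-sized buffer would be overrun by the formatted
 * string, i.e. when an unbounded sprintf() into it would corrupt the heap. */
static int would_overflow(const char *base, int counter, const char *ext)
{
    return actual_length(base, counter, ext) + 1 > planned_size(base, ext);
}

/* Hardened builder: size the buffer from the formatter itself and bound the
 * final write, treating any disagreement as an error.  Caller frees. */
static char *build_warc_name(const char *base, int counter, const char *ext)
{
    size_t size = actual_length(base, counter, ext) + 1;
    char *name = xmalloc(size);
    int n = snprintf(name, size, "%s-%0*d%s", base, COUNTER_WIDTH, counter, ext);
    if (n < 0 || (size_t)n >= size) {   /* truncation or encoding error */
        free(name);
        return NULL;
    }
    return name;
}

/* Builds a name, compares it with the expected string, frees it. */
static int name_equals(const char *base, int counter, const char *ext,
                       const char *expected)
{
    char *name = build_warc_name(base, counter, ext);
    int ok = name != NULL && strcmp(name, expected) == 0;
    free(name);
    return ok;
}

int main(void)
{
    const int counters[] = { 0, 99999, 100000, -1 };
    for (size_t i = 0; i < sizeof counters / sizeof counters[0]; i++) {
        char *name = build_warc_name("crawl", counters[i], ".warc");
        printf("%-20s planned=%zu actual=%zu overflow=%d\n",
               name ? name : "(error)",
               planned_size("crawl", ".warc"),
               actual_length("crawl", counters[i], ".warc"),
               would_overflow("crawl", counters[i], ".warc"));
        free(name);
    }
    return 0;
}
```

The counter 99999 is the last value for which the hand-computed size is exact; 100000 is one byte too long and would overrun a sprintf()-filled buffer, while build_warc_name handles it because its size comes from the same format string it writes with.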
