From 41a31793977b93b25484537e48ecdcca312c6b8b Mon Sep 17 00:00:00 2001
From: nothings
Date: Tue, 3 Jun 2014 10:23:12 -0700
Subject: [PATCH] Note insecurity of stb_sprintf
---
 tools/make_readme.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tools/make_readme.c b/tools/make_readme.c
index 03aee3a..cdc0b85 100644
--- a/tools/make_readme.c
+++ b/tools/make_readme.c
@@ -15,7 +15,7 @@ int main(int argc, char **argv)
 for (i=0; i < listlen; ++i) {
 int num,j;
 char **tokens = stb_tokens_stripwhite(list[i], "|", &num); // stb_tokens -- tokenize string into malloced array of strings
- FILE *g = fopen(stb_sprintf("../%s", tokens[0]), "rb"); // stb_sprintf -- sprintf to a temporary buffer (not threadsafe)
+ FILE *g = fopen(stb_sprintf("../%s", tokens[0]), "rb"); // stb_sprintf -- sprintf to a static temp buffer (not threadsafe or secure)
 char buffer[256], *s1, *s2;
 fread(buffer, 1, 256, g);
 fclose(g);
-- GitLab
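Review bot: The new comment on the `fopen(stb_sprintf("../%s", tokens[0]), "rb")` line says "not threadsafe or secure" without naming the risk, so a reader cannot tell when the call is unsafe. Presumably the concern is that the output length is bounded only by the fixed size of the static buffer, which should be confirmed against stb.h. A more specific wording would be `// stb_sprintf -- formats into one fixed-size static buffer (overwritten by the next call); trusted, short input only`. On the same line the `fopen` result goes unchecked into `fread` and `fclose`, and `tokens[0]` is read without checking `num`, so an empty or misnamed list entry ends in a NULL dereference; `if (g == NULL) { perror(tokens[0]); continue; }` after the `fopen`, plus a `num` check before it, would cover that. `main` starts and ends outside the hunk.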