I work in information flow analysis of programs, and my analysis gave a possible warning with respect to a format string vulnerability in csplit (Version 8.17).
In csplit, there is a global variable called "suffix" which is initialized through a command line argument in function main:

    suffix = optarg

Next, this variable is used as a format argument in a sprintf call in function make_filename:

    sprintf (filename_space + strlen (prefix), suffix, num)

Our analysis flagged this behavior.
However, we are not sure whether Coreutils developers are aware of this behaviour. This might very well be a false positive. We just wanted to confirm our analysis.
Any response in this regard will be appreciated.
Thanks
Regards,
Kapil
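
Added example, not part of the original message and not csplit's own code: one way to accept a user-supplied suffix as a printf format only when it contains exactly one integer conversion, and to bound the resulting write. The names `suffix_format_is_safe` and `make_name` and all sample inputs are hypothetical.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical validator: true only if fmt has exactly one conversion,
   that conversion consumes a single int-sized argument (d i u o x X),
   and no '*' width/precision or length modifier appears. "%%" is allowed. */
bool suffix_format_is_safe(const char *fmt)
{
    int conversions = 0;
    for (const char *p = fmt; *p; p++) {
        if (*p != '%')
            continue;
        p++;
        if (*p == '%')
            continue;                      /* literal percent sign */
        p += strspn(p, "-+ #0");           /* flags */
        p += strspn(p, "0123456789");      /* field width, digits only */
        if (*p == '.') {
            p++;
            p += strspn(p, "0123456789");  /* precision, digits only */
        }
        /* Rejects %s, %n, %*d, length modifiers and a trailing '%'. */
        if (*p == '\0' || strchr("diuoxX", *p) == NULL)
            return false;
        if (++conversions > 1)
            return false;
    }
    return conversions == 1;
}

/* Hypothetical bounded replacement for the sprintf pattern quoted above:
   writes prefix + formatted num into out; returns 0 on success, -1 if the
   format is rejected or the result would not fit in outsz bytes. */
int make_name(char *out, size_t outsz, const char *prefix,
              const char *suffix, unsigned int num)
{
    size_t plen = strlen(prefix);
    if (!suffix_format_is_safe(suffix) || plen >= outsz)
        return -1;
    memcpy(out, prefix, plen);
    int n = snprintf(out + plen, outsz - plen, suffix, num);
    if (n < 0 || (size_t)n >= outsz - plen)
        return -1;                         /* output was truncated */
    return 0;
}
```

The validator runs before the string ever reaches a printf-family call, so a taint analysis that treats it as a sanitizer can distinguish checked from unchecked flows.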