synk issues for Use of Externally-Controlled Format String

[SunilKumarPrasadTR]

Hi Team

while using this library, getting error- "Use of Externally-Controlled Format String

issues - Unsanitized input from a command line argument flows into sprintf, where it is used as a format string. This may result in a format string vulnerability.

I have added total 5 screenshot where I am getting same error, Could you please help me here how to resolve this issues while using this opensource library?

File Name - libiconv/source/src/iconv.c (https://github.com/winlibs/libiconv/blob/master/source/src/iconv.c)

Thanks & Regards
Sunil Kumar Prasad

[cmb69]

@SunilKumarPrasadTR, note that this repo is primarily to be able to build libiconv on Windows for PHP. As such, looking into issues with the gettext binary has very low priority for us. And anyway, this should be reported to upstream: https://savannah.gnu.org/projects/libiconv/.

---

@shivammathur, I think we need to drop (archive, or possibly delete) the individual winlib repos in favor of winlib-builder (or something else) just fetching the sources on the fly, and patching as appropriate, prior to building. As is, this is confusing to users, and we're getting too many bogus reports.

[SunilKumarPrasadTR]

Thanks for the Update...

[SunilKumarPrasadTR]

@cmb69 , Is There any latest update regarding above issues?