by joh6nn 695 days ago
The malicious commit was designed to be confusing, as noted in the first comment of the investigation:

> but calls to safe_fprintf were replaced with calls to the unsafe fprintf. The diff doesn't make this obvious due to the removal of a newline in a parameter list.

It wasn't noticed because it was specifically designed not to be obvious.
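
A reviewer-side check for the kind of change described in the quote, as an added example that is not part of the original comment or of the project's code: it compares the call names on the removed and added sides of each hunk while ignoring line wrapping, so a swapped function stands out even when reformatting hides it. The sample diff and its file name are constructed, not the real commit.

```python
import re
from collections import Counter

CALL = re.compile(r"\b([A-Za-z_]\w*)\s*\(")
KEYWORDS = {"if", "for", "while", "switch", "return", "sizeof"}

# Constructed sample diff (hypothetical file name; not the real commit).
# Hunk 1 rewraps a call AND swaps the function; hunk 2 only rewraps.
SAMPLE_DIFF = """\
--- a/example.c
+++ b/example.c
@@ -10,4 +10,3 @@
     if (verbose) {
-        safe_fprintf(out, "%s",
-            entry_name(entry));
+        fprintf(out, "%s", entry_name(entry));
     }
@@ -40,3 +39,2 @@
-    safe_fprintf(out,
-        "done");
+    safe_fprintf(out, "done");
     return 0;
"""

def calls(lines):
    """Count call-like identifiers, ignoring how the lines are wrapped."""
    names = CALL.findall(" ".join(lines))
    return Counter(n for n in names if n not in KEYWORDS)

def changed_calls(diff_text):
    """Return (hunk header, calls removed, calls added) per affected hunk."""
    findings, header, old, new = [], None, [], []

    def flush():
        gone, came = calls(old) - calls(new), calls(new) - calls(old)
        if header is not None and (gone or came):
            findings.append((header, sorted(gone), sorted(came)))

    for line in diff_text.splitlines():
        if line.startswith("@@"):
            flush()
            header, old, new = line, [], []
        elif line.startswith(("--- ", "+++ ")):
            continue  # file headers, not content
        elif line.startswith("-"):
            old.append(line[1:])
        elif line.startswith("+"):
            new.append(line[1:])
    flush()
    return findings

if __name__ == "__main__":
    for header, gone, came in changed_calls(SAMPLE_DIFF):
        print(f"{header}: removed calls {gone}, added calls {came}")
```

The regex also counts call-like text inside string literals and comments, so treat a finding as a prompt to read the hunk, not as a verdict.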