This is the mail archive of the gcc-patches@gcc.gnu.org mailing list for the GCC project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]

Re: GCC extension for protecting applications from format stringattacks

To: Richard Henderson <rth at redhat dot com>
Subject: Re: GCC extension for protecting applications from format stringattacks
From: Alan Modra <alan at linuxcare dot com dot au>
Date: Fri, 6 Apr 2001 11:24:50 +1000 (EST)
cc: Zack Weinberg <zackw at Stanford dot EDU>, Makoto Iwamura <iwamura at pb dot highway dot ne dot jp>, vuln-dev at securityfocus dot com, gcc-patches at gcc dot gnu dot org, etoh at jp dot ibm dot com

On Thu, 5 Apr 2001, Richard Henderson wrote:

> #define printf(FMT, ...) \
>   xprintf(check_it(__VA_LIST__), (FMT), ## __VA_LIST__)

Then watch lots of programs break that do nasty things like

printf (
#if something
        abc_string
#else
        xyz_string
#endif
       );

Yes, I know this code breaks standards as printf is explicitly allowed to
be a macro, and I know recent glibc defines printf as a macro, but....

Alan
-- 
Linuxcare

Follow-Ups:
- Re: GCC extension for protecting applications from format string attacks
  - From: Richard Henderson

References:
- Re: GCC extension for protecting applications from format string attacks
  - From: Richard Henderson

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]