This is the mail archive of the gcc-patches@gcc.gnu.org mailing list for the GCC project.
Re: Patch to add __builtin_printf
- To: Kaveh Ghazi <ghazi at caip dot rutgers dot edu>
- Subject: Re: Patch to add __builtin_printf
- From: Zack Weinberg <zack at rabi dot columbia dot edu>
- Date: Tue, 19 Sep 2000 15:42:37 -0400
- cc: gcc-patches at gcc dot gnu dot org
In light of recent security advisories, I'd like to see us do a
transformation like this:

    char *foo; printf (foo); -> printf ("%s", foo); [->fputs (foo, stdout)]

and issue a loud warning about the potential hole. Note that the
transformation only applies when there are no arguments after the variable.

A demonstration of the danger:

    $ cat test.c
    #include <stdio.h>
    int main(int ac, char **av) {
      printf (av[0]);
      putchar ('\n');
      return 0;
    }
    $ gcc test.c
    $ ./a.out
    ./a.out
    $ mv a.out "blah %s blah"
    $ "./blah %s blah" | tr -c ' -~' '$'
    ./blah $$$$$$$$$$$$$$$$$$$$$$$@H*$@$ blah

With clever use of things like %n, this can be as bad as the classic
unchecked strcpy.
zw
p.s. I'm currently reading gcc-patches via the web archive.
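
Added example, not part of the original mail or of GCC: the rewrite proposed above (data passed as an argument to a literal "%s"), paired with a small audit helper that reports whether a string would have been interpreted had it been used as the format itself. The names count_directives and emit_verbatim and the sample strings are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Count the '%' directives a printf-family call would act on if `s` were
 * passed as the format. "%%" is a literal percent sign and is not counted;
 * a lone trailing '%' is counted because it is an incomplete directive. */
size_t count_directives(const char *s)
{
    size_t n = 0;
    for (; *s; s++) {
        if (*s != '%')
            continue;
        if (s[1] == '%') {  /* escaped percent: skip both characters */
            s++;
            continue;
        }
        n++;
    }
    return n;
}

/* The rewrite from the mail: the format is a literal and the untrusted
 * string is only ever data. Returns the length snprintf would write. */
int emit_verbatim(char *out, size_t outsz, const char *untrusted)
{
    return snprintf(out, outsz, "%s", untrusted);
}

int main(void)
{
    /* Constructed sample inputs standing in for av[0]. */
    const char *samples[] = { "./a.out", "./blah %s blah", "100%% done" };
    char buf[128];

    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        size_t hits = count_directives(samples[i]);
        emit_verbatim(buf, sizeof buf, samples[i]);
        fputs(buf, stdout);  /* fputs never parses its argument */
        printf("  <- %zu directive(s)%s\n", hits,
               hits ? ", unsafe as a format" : "");
    }
    return 0;
}
```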