This is the mail archive of the
mailing list for the GCC project.
Re: Patch to add __builtin_printf
- To: zack at rabi dot columbia dot edu
- Subject: Re: Patch to add __builtin_printf
- From: "Kaveh R. Ghazi" <ghazi at caip dot rutgers dot edu>
- Date: Tue, 19 Sep 2000 16:21:08 -0400 (EDT)
- Cc: gcc-patches at gcc dot gnu dot org
> From: Zack Weinberg <email@example.com>
>
> In light of recent security advisories, I'd like to see us do a
> transformation like this:
> char *foo; printf (foo); -> printf ("%s", foo); [->fputs (foo, stdout)]
> and issue a loud warning about the potential hole. Note that the
> transformation only applies when there are no arguments after the variable.

I'm about to submit patches to achieve: printf("%s",foo)->fputs(foo,stdout)
(Capturing stdout was the hairy part.) So that much you can count on.

WRT printf(foo), warning about it is really a special case of
-Wformat=2, so it shouldn't be hard. (Though I still wish the author
would have documented the new option...)

Anyway, whether to automatically do the transformation you suggest on
printf(foo) is debatable IMHO given that the original is a legal (but
admittedly dangerous) use, and the transformation by nature isn't
equivalent. (E.g. "%%" gets printf-processed in the original style.)
What do other people think?

Kaveh R. Ghazi Engagement Manager / Project Services
firstname.lastname@example.org Qwest Internet Solutions
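
The non-equivalence raised in the message above ("%%" is processed when the string is the format, but not when it is passed through "%s"), as an added C example that is not part of the original thread or of GCC. The helpers `classify`, `as_format`, `as_data` and `rewrite_preserves_output` are hypothetical names, and the sample strings are constructed.

```c
#include <stdio.h>
#include <string.h>
/* The non-literal format call below is deliberate; silence its diagnostics. */
#pragma GCC diagnostic ignored "-Wformat-security"
#pragma GCC diagnostic ignored "-Wformat-nonliteral"

enum fmt_class { FMT_PLAIN, FMT_ESCAPES_ONLY, FMT_CONVERSION };

/* Hypothetical helper: what would printf do with s as its format string? */
enum fmt_class classify(const char *s)
{
    enum fmt_class c = FMT_PLAIN;
    for (; *s; s++) {
        if (*s != '%') continue;
        if (s[1] != '%') return FMT_CONVERSION; /* fetches an argument, or malformed */
        c = FMT_ESCAPES_ONLY;                   /* "%%" prints a single '%' */
        s++;                                    /* skip the second '%' */
    }
    return c;
}

/* Original style, printf(foo): s is the format. Refuses strings with conversions,
   because with no arguments supplied those would read values that do not exist. */
int as_format(const char *s, char *out, size_t n)
{
    if (classify(s) == FMT_CONVERSION) return -1;
    return snprintf(out, n, s);
}

/* Rewritten style, printf("%s", foo): s is only data. */
int as_data(const char *s, char *out, size_t n)
{
    return snprintf(out, n, "%s", s);
}

/* 1 if the rewrite leaves the output unchanged for this string, else 0. */
int rewrite_preserves_output(const char *s)
{
    char a[128], b[128];
    if (as_format(s, a, sizeof a) < 0) return 0;
    as_data(s, b, sizeof b);
    return strcmp(a, b) == 0;
}

int main(void)
{
    const char *samples[] = { "hello", "100%% done", "name: %s" }; /* constructed */
    for (size_t i = 0; i < 3; i++)
        printf("%-12s class=%d same=%d\n", samples[i],
               (int)classify(samples[i]), rewrite_preserves_output(samples[i]));
    return 0;
}
```

Only strings with no '%' at all come out identical under both styles, which is the case where the further rewrite to fputs(foo, stdout) is also output-preserving.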