This is the mail archive of the gcc-patches@gcc.gnu.org mailing list for the GCC project.
Re: Patch to add __builtin_printf
- To: zack at rabi dot columbia dot edu
- Subject: Re: Patch to add __builtin_printf
- From: "Kaveh R. Ghazi" <ghazi at caip dot rutgers dot edu>
- Date: Tue, 19 Sep 2000 16:21:08 -0400 (EDT)
- Cc: gcc-patches at gcc dot gnu dot org

> From: Zack Weinberg <zack@rabi.columbia.edu>
>
> In light of recent security advisories, I'd like to see us do a
> transformation like this:
>
> char *foo; printf (foo); -> printf ("%s", foo); [->fputs (foo, stdout)]
>
> and issue a loud warning about the potential hole. Note that the
> transformation only applies when there are no arguments after the variable.

I'm about to submit patches to achieve: printf("%s",foo)->fputs(foo,stdout)
(Capturing stdout was the hairy part.) So that much you can count on.

WRT printf(foo), warning about it is really a special case of
-Wformat=2, so it shouldn't be hard. (Though I still wish the author
would have documented the new option...)

Anyway, whether to automatically do the transformation you suggest on
printf(foo) is debatable IMHO given that the original is a legal (but
admittedly dangerous) use, and the transformation by nature isn't
equivalent. (E.g. "%%" gets printf-processed in the original style.)

What do other people think?

--Kaveh
--
Kaveh R. Ghazi Engagement Manager / Project Services
ghazi@caip.rutgers.edu Qwest Internet Solutions
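
The non-equivalence discussed in the message above (a "%%" is processed when the string is the format, but not when it is passed as data to "%s"), shown as an added C example that is not part of the original mail or of GCC. The function names, the verdict enum and the sample strings are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* The non-literal format below is deliberate: it is the construct that
   -Wformat=2 reports, so the two relevant diagnostics are silenced here. */
#pragma GCC diagnostic ignored "-Wformat-nonliteral"
#pragma GCC diagnostic ignored "-Wformat-security"

enum verdict { SAME_OUTPUT, DIFFERENT_OUTPUT, UNSAFE_AS_FORMAT };

/* Return 1 if every '%' in s belongs to a "%%" pair, i.e. using s as a
   format string reads no variadic arguments; 0 otherwise. */
static int only_escaped_percents(const char *s)
{
    for (; *s; s++) {
        if (*s != '%')
            continue;
        if (s[1] != '%')
            return 0;            /* conversion directive or lone '%' */
        s++;                     /* skip the second '%' of the pair */
    }
    return 1;
}

/* Compare printf(s) with printf("%s", s) by rendering both into buffers. */
enum verdict compare_forms(const char *s)
{
    char as_format[128], as_data[128];   /* samples are short; no truncation */

    if (!only_escaped_percents(s))
        return UNSAFE_AS_FORMAT;         /* not rendered: would read missing args */

    snprintf(as_format, sizeof as_format, s);        /* the printf(foo) form */
    snprintf(as_data, sizeof as_data, "%s", s);      /* the printf("%s", foo) form */
    return strcmp(as_format, as_data) == 0 ? SAME_OUTPUT : DIFFERENT_OUTPUT;
}

int main(void)
{
    /* Constructed sample strings. */
    const char *samples[] = { "hello", "100%% done", "user: %s" };
    static const char *names[] = { "same", "different", "unsafe as format" };
    for (size_t i = 0; i < sizeof samples / sizeof *samples; i++)
        printf("%-12s -> %s\n", samples[i], names[compare_forms(samples[i])]);
    return 0;
}
```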