This is the mail archive of the gcc-patches@gcc.gnu.org mailing list for the GCC project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]

Re: Patch to add __builtin_printf


 > From: Zack Weinberg <zack@rabi.columbia.edu>
 > 
 > In light of recent security advisories, I'd like to see us do a
 > transformation like this:
 > 
 >   char *foo;  printf (foo);  -> printf ("%s", foo);  [->fputs (foo, stdout)]
 > 
 > and issue a loud warning about the potential hole.  Note that the
 > transformation only applies when there are no arguments after the variable.

I'm about to submit patches to achieve: printf("%s",foo)->fputs(foo,stdout)
(Capturing stdout was the hairy part.)  So that much you can count on.

WRT printf(foo), warning about it is really a special case of
-Wformat=2, so it shouldn't be hard.  (Though I still wish the author
would have documented the new option...)

Anyway, whether to automatically do the transformation you suggest on
printf(foo) is debatable IMHO given that the original is a legal (but
admittedly dangerous) use, and the transformation by nature isn't
equivalent.  (E.g. "%%" gets printf-processed in the original style.)

What do other people think?

		--Kaveh
--
Kaveh R. Ghazi			Engagement Manager / Project Services
ghazi@caip.rutgers.edu		Qwest Internet Solutions

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]