This is the mail archive of the
gcc@gcc.gnu.org
mailing list for the GCC project.
Re: use of %n in genmodes.c causes trouble on Vista
Ian Lance Taylor wrote:
> What is the security issue here? I'm not seeing it. Are they
> concerned that attackers will modify the print control string somehow?
I don't know. We simply have observed bootstrap problems during
preliminary experiments on Vista, found them to be caused by
uninitialized values of "count_" in genmodes and traced this to
the %n issue.
We have been using a patch almost identical to what Paolo posted, and
and I raised the question on gcc@ to see whether this approach was
considered correct before performing a formal test-cycle and submission
to gcc-patches.
[...]
> This deficiency is presumably only going to arise for a mingw hosted
> gcc. Would it be possible for the mingw startup file to call
> _set_printf_count_output? Perhaps under the control of a command line
> option at link time?
Maybe, I don't know either. The printf-return-value solution just looked
straightforward, so that's the first option which came to mind, moderated
by the potential portability question.
> The return value of printf is portable (unlike the return value of
> sprintf).
OK, I see Paolo has committed a change along those lines already.
Thanks much for your feedback,
Olivier