GCC extension for protecting applications from format string attacks

Richard Henderson rth@redhat.com
Thu Apr 5 23:50:00 GMT 2001


On Fri, Apr 06, 2001 at 03:40:05PM +0900, Hiroaki Etoh wrote:
> - macro definition
> I think the following is the correnct definition, right?
>   #define printf(FMT, __VA_LIST__...) \
> 	  xprintf(check_it(__VA_LIST__), (FMT),  __VA_LIST__)

No, what I wrote was correct.

> - check_it implementation using marcro or library
> I don't think it works well using check_it implementation using macro or
> library.  Because each argument of printf appears in two different
> location of the xprintf. It means that each argument will be evaluated
> two times. And it also may break the evaluation order of arguments.

Not necessarily.  Neither implementation I had in mind would
have evaluated the arguments to check_it.

> The builtin function will returns a char array of
> argument sizes instead of enum type_class values. Is it OK? 

Huh?  If I understand you correctly, no, it's not ok.  Did you
not follow my explanation of argument types vs register classes?


r~



More information about the Gcc-patches mailing list