FTBFS if "-Werror=format-security" flag is used

Przemek Klosowski przemek.klosowski at nist.gov
Fri Dec 6 13:07:58 UTC 2013


On 12/05/2013 08:27 PM, Kevin Kofler wrote:
> The vast majority of those warnings are actually false positives, not actual
> security issues. Putting my upstream hat on, if asked to "fix" such a false
> positive, I'd do one of:
> (a) close the bug as INVALID/NOTABUG/WONTFIX or
> (b) hardcode -Wno-error=format-security -Wno-format-security in my build
> setup and close the bug as FIXED.
They are potential security issues, because ignoring them (especially
via (b)) sets everyone up for a fail.
For instance, today it may be a constant format string, but tomorrow 
someone will introduce it as a settable configuration parameter.

Given that pretty much all those cases can be solved by either "%s" or

    __attribute__((__format__(__printf__, 1, 2)));

it would really look petulant to insist on (a) or (b).
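
The two fixes named in the message, shown together as an added example (not part of the original post or of any package discussed on the list). `log_line`, `config_banner` and `show_banner` are hypothetical names, and the banner string is constructed sample data.

```c
#include <stdarg.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical logging wrapper. The attribute tells GCC/Clang that parameter 3
 * is a printf-style format string and that the arguments to check against it
 * start at parameter 4 (the message's "1, 2" is the same thing for a function
 * whose first parameter is the format). With it, -Wformat-security checks
 * callers of log_line() the way it checks callers of printf(). */
__attribute__((__format__(__printf__, 3, 4)))
static int log_line(char *out, size_t outlen, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(out, outlen, fmt, ap);
    va_end(ap);
    return n; /* length the full message needs, as vsnprintf reports it */
}

/* Constructed sample: a string that was once a constant and has become a
 * settable configuration value, now containing conversion specifiers. */
static const char *config_banner(void)
{
    return "100%s done %x";
}

/* Fixed call site: the configurable value is passed as data for "%s" and is
 * never interpreted as a format. Writing
 *     log_line(out, outlen, config_banner());
 * instead is the pattern -Werror=format-security rejects at compile time. */
static int show_banner(char *out, size_t outlen)
{
    return log_line(out, outlen, "%s", config_banner());
}

int main(void)
{
    char buf[64];
    int n = show_banner(buf, sizeof buf);
    printf("%d bytes: %s\n", n, buf);
    return 0;
}
```

Compiling with `-Wformat -Werror=format-security` accepts this file as written and fails once the `"%s"` argument is dropped from the call in `show_banner`.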