FTBFS if "-Werror=format-security" flag is used
Lars Seipel
lars.seipel at gmail.com
Thu Dec 5 18:41:53 UTC 2013
On Wed, Dec 04, 2013 at 11:56:23PM +0100, Brendan Jones wrote:
> Patching is not a problem. Unnecessary is the question. Explain to
> me (not you in particular Rahul) how these printf's can possibly be
> exploited?
Uhm, I just took a look at the hydrogen source. The problem with it is
that it's not at all obvious that the f?printf calls can't lead to bad
things happening. This is not a case of GCC failing to account for some
trivial indirection. Fix it, please. Really, you should.
Lars
More information about the devel
mailing list