FTBFS if "-Werror=format-security" flag is used

Rich Megginson rmeggins at redhat.com
Mon Dec 9 22:59:50 UTC 2013


On 12/09/2013 03:33 PM, Przemek Klosowski wrote:
> On 12/06/2013 09:21 AM, Ralf Corsepius wrote:
>>
>> printf(string) is legitimate C, forcing printf("%s", string) is just 
>> silly.
>>
> My apologies for being repetitive, but the original point is that 
> printf(string) is insecure unless you can guarantee that you control 
> 'string' now and forever. Also, %s is the format for printing 
> strings, so I just can't agree that coding printf("%s", string) is silly.

Silly is not the right word.  printf("%s", string) is inefficient. In 
this case, it would be better to use puts/fputs.

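The three forms discussed in this thread side by side, as an added example (not code from any participant): writing an untrusted string with fputs, passing it through a literal "%s" format, and a small constructed audit helper that reports whether a string contains a conversion directive, which is exactly the property that makes printf(string) unsafe for non-literal input and that -Wformat-security warns about. The function names and the sample input are assumptions made here.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Write an untrusted string to a stream without interpreting it as a
   format string. fputs is the direct, cheaper equivalent of
   printf("%s", s): no format parsing happens at all. */
static int print_untrusted(FILE *out, const char *s)
{
    return fputs(s, out);
}

/* Render an untrusted string through the literal format "%s" into a
   buffer. Any '%' in the input is copied verbatim because the format
   string is the compile-time literal "%s", not the input itself.
   Returns the number of characters that would have been written. */
static int render_untrusted(char *buf, size_t cap, const char *s)
{
    return snprintf(buf, cap, "%s", s);
}

/* Check that render_untrusted reproduces its input exactly (constructed
   helper so the property is testable as a return value). */
static bool renders_verbatim(const char *s)
{
    char buf[256];
    int n = render_untrusted(buf, sizeof buf, s);
    return n >= 0 && (size_t)n < sizeof buf && strcmp(buf, s) == 0;
}

/* Audit helper (constructed here): true if the string contains a
   conversion directive, i.e. a '%' that is not the escaped "%%".
   A string for which this returns true must never be used as a
   printf format unless it is a compile-time literal you control. */
static bool has_conversion_directive(const char *s)
{
    for (const char *p = s; *p; p++) {
        if (*p != '%')
            continue;
        if (p[1] == '%') {      /* "%%" is a literal percent sign */
            p++;
            continue;
        }
        return true;
    }
    return false;
}

int main(void)
{
    /* Constructed sample input: text a user might supply. */
    const char *user_input = "progress 100%% ... %s and %n are just text here\n";
    char buf[256];

    print_untrusted(stdout, user_input);            /* safe: no parsing */
    render_untrusted(buf, sizeof buf, user_input);  /* safe: literal "%s" */
    fputs(buf, stdout);
    printf("contains a conversion directive: %s\n",
           has_conversion_directive(user_input) ? "yes" : "no");
    return 0;
}
```

Both safe forms print the input unchanged, including the "%s" and "%n" text; the audit helper only tells you that the same string would have been dangerous as a format argument.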
