Enabling "-Werror=format-security" by default

Przemek Klosowski przemek.klosowski at nist.gov
Wed Nov 20 17:45:41 UTC 2013

On 11/20/2013 11:13 AM, Jerry James wrote:
> path_sprintf(), which is static in Game.c. All callers of that 
> function are visible in the same file, and all pass constant strings 
> into the function, which passes those constant strings to sprintf(). 
> The function's purpose is to produce a pathname for a file of interest 
> to the caller in the game's installed location. It's too bad that 
> gcc's analysis cannot span function calls inside a compilation unit. 
> There really is nothing wrong with this code. 
Well, the code is inelegant:

  sprintf(path + len, formatted_name);

looks better and avoids the warning if you write it as

  sprintf(&(path[len]), "%s", formatted_name);

which should lead the reader to reflect on whether it makes sense to prevent buffer overflow by
using %NNs to limit the size of appended name so that it fits within the limits of the path buffer.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.fedoraproject.org/pipermail/devel/attachments/20131120/61336702/attachment-0001.html>

More information about the devel mailing list