Enabling "-Werror=format-security" by default
przemek.klosowski at nist.gov
Wed Nov 20 17:45:41 UTC 2013
On 11/20/2013 11:13 AM, Jerry James wrote:
> path_sprintf(), which is static in Game.c. All callers of that
> function are visible in the same file, and all pass constant strings
> into the function, which passes those constant strings to sprintf().
> The function's purpose is to produce a pathname for a file of interest
> to the caller in the game's installed location. It's too bad that
> gcc's analysis cannot span function calls inside a compilation unit.
> There really is nothing wrong with this code.
Well, the code is inelegant:
sprintf(path + len, formatted_name);
looks better and avoids the warning if you write it as
sprintf(&(path[len]), "%s", formatted_name);
which should lead the reader to reflect on whether it makes sense to prevent buffer overflow by
using %NNs to limit the size of appended name so that it fits within the limits of the path buffer.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the devel