Enabling "-Werror=format-security" by default
Jerry James
loganjerry at gmail.com
Thu Nov 21 16:09:18 UTC 2013
On Thu, Nov 21, 2013 at 2:04 AM, Florian Weimer <fweimer at redhat.com> wrote:
> On 11/20/2013 06:45 PM, Przemek Klosowski wrote:
>> Well, the code is inelegant:
>>
>> sprintf(path + len, formatted_name);
>>
>> looks better and avoids the warning if you write it as
>>
>> sprintf(&(path[len]), "%s", formatted_name);
>>
>> which should lead the reader to reflect on whether it makes sense to
>> prevent buffer overflow by using %NNs to limit the size of appended
>> name so that it fits within the limits of the path buffer.
>
>
> You should be using snprintf anyway. And neither sprintf nor snprintf are
> really suitable for building strings piece-by-piece, unfortunately.
>
> Anyway, adding the "%s" trades a bit of text segment size increase for a
> likely decrease in execution time because the non-format-string argument
> does not have to be parsed for format strings.

Thanks for the suggestions, everyone. I have added a patch to fix
this for abe. I also pulled a patch for apron from upstream, which
had already fixed their code, and made a patch for cmusphinx which I
also submitted upstream. So there's 3 packages you can cross off the
list.

Regards,
--
Jerry James
http://www.jamezone.org/
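
An added example, not code from this thread or from the abe, apron or cmusphinx patches: the fixes discussed above (a constant "%s" format, and snprintf instead of sprintf) combined into one bounded append that reports truncation instead of overflowing. The helper name `path_append`, the buffer size and the sample inputs are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: append `name` to the string held in `path`
 * (capacity `cap`, current length `*len`).
 * Returns 0 on success, -1 if the result would not fit. On failure the
 * buffer is restored to the contents it had before the call. */
static int path_append(char *path, size_t cap, size_t *len, const char *name)
{
    if (*len >= cap)
        return -1;
    size_t room = cap - *len;

    /* Constant "%s" format: `name` is treated purely as data and is never
     * parsed for conversion specifiers. This is the form that
     * -Werror=format-security accepts. */
    int n = snprintf(path + *len, room, "%s", name);

    /* snprintf returns the length it wanted to write; a value >= room
     * means the output was truncated. */
    if (n < 0 || (size_t)n >= room) {
        path[*len] = '\0';   /* undo the partial write */
        return -1;
    }
    *len += (size_t)n;
    return 0;
}

int main(void)
{
    char path[16] = "";
    size_t len = 0;
    /* Constructed inputs: the second contains '%' characters, the third
     * does not fit in what is left of the buffer. */
    const char *parts[] = { "/tmp/", "%s%d.db", "-much-too-long-suffix" };

    for (size_t i = 0; i < sizeof parts / sizeof parts[0]; i++) {
        int rc = path_append(path, sizeof path, &len, parts[i]);
        printf("rc=%d path=\"%s\" len=%zu\n", rc, path, len);
    }
    return 0;
}
```

Tracking the length in the caller avoids rescanning the buffer with strlen on every append, which is the piece-by-piece bookkeeping that sprintf and snprintf leave to the programmer.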