Enabling "-Werror=format-security" by default

Jerry James loganjerry at gmail.com
Thu Nov 21 16:09:18 UTC 2013

On Thu, Nov 21, 2013 at 2:04 AM, Florian Weimer <fweimer at redhat.com> wrote:
> On 11/20/2013 06:45 PM, Przemek Klosowski wrote:
>> Well, the code is inelegant:
>>   sprintf(path + len, formatted_name);
>> looks better and avoids the warning if you write it as
>>   sprintf(&(path[len]), "%s", formatted_name);
>> which should lead the reader to reflect on whether it makes sense to
>> prevent buffer overflow by
>> using %NNs to limit the size of appended name so that it fits within the
>> limits of the path buffer.
> You should be using snprintf anyway.  And neither sprintf nor snprintf are
> really suitable for build strings piece-by-piece, unfortunately.
> Anyway, adding the "%s" trades a bit of text segment size increase for a
> likely decrease in execution time because the non-format-string argument
> does not have to be parsed for format strings.

Thanks for the suggestions, everyone.  I have added a patch to fix
this for abe.  I also pulled a patch for apron from upstream, which
had already fixed their code, and made a patch for cmusphinx which I
also submitted upstream.  So there's 3 packages you can cross off the

Jerry James

More information about the devel mailing list