Re: [Bug-tar] Format-string warnings in 1.26


From: Joerg Schilling
Subject: Re: [Bug-tar] Format-string warnings in 1.26
Date: Thu, 28 Jul 2011 17:35:15 +0200
User-agent: nail 11.22 3/20/05

Paul Eggert <address@hidden> wrote:

> On 07/28/11 07:44, Daniel Macks wrote:
> >   printf(foo);
> > 
> > is considered a potential security risk if foo is a variable rather than a 
> > simple quoted string. The solution is to do:
> > 
> >   printf("%s", foo);
>
> I'm afraid this bug report is rather vague; without knowing the
> details of which printf call we're talking about, there's not
> much we can do.  Certainly there are some calls to printf-like
> functions where the above transformation would break things,
> as FOO is supposed to be a format.

GCC's warnings in general are not well based; maybe this was a warning from GCC.

I am not sure where I did see something like this, but I remember that I've seen 
such format warnings when the format string was not a string constant but a 
variable.

Jörg

-- 
 EMail:address@hidden (home) Jörg Schilling D-13353 Berlin
       address@hidden                (uni)  
       address@hidden (work) Blog: http://schily.blogspot.com/
 URL:  http://cdrecord.berlios.de/private/ ftp://ftp.berlios.de/pub/schily
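
The two cases discussed in this thread, as an added example that is not part of the original messages or of GNU tar's code: data passed as the format versus as an argument, and a printf-like wrapper whose parameter is meant to be a format. The function names and the sample file name are constructed for illustration.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Silenced so the example builds under -Werror; without these pragmas,
   gcc -Wformat -Wformat-security flags the snprintf in data_as_format(). */
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wformat-security"
#pragma GCC diagnostic ignored "-Wformat-nonliteral"
/* Flagged pattern: DATA is used as the format, so "%%" collapses to "%".
   A conversion such as %s here would read an argument that was never
   passed, which is undefined behaviour. */
static int data_as_format(char *out, size_t n, const char *data)
{
    return snprintf(out, n, data);
}
#pragma GCC diagnostic pop

/* The suggested fix: DATA is only ever an argument and is copied verbatim. */
static int data_as_argument(char *out, size_t n, const char *data)
{
    return snprintf(out, n, "%s", data);
}

/* Case where FMT is supposed to be a format: a printf-like wrapper.
   The attribute makes the compiler check every caller's format string,
   and rewriting the body to use "%s" would stop the arguments expanding. */
__attribute__((format(printf, 3, 4)))
static int report(char *out, size_t n, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int len = vsnprintf(out, n, fmt, ap);
    va_end(ap);
    return len;
}

int main(void)
{
    const char *name = "backup-50%%.tar";   /* constructed sample input */
    char buf[64];
    data_as_format(buf, sizeof buf, name);
    printf("as format:   %s\n", buf);
    data_as_argument(buf, sizeof buf, name);
    printf("as argument: %s\n", buf);
    report(buf, sizeof buf, "%s: %d files", "tar", 3);
    printf("wrapper:     %s\n", buf);
    return 0;
}
```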


