[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-devel] [PATCH 8/9] Add more format string warning flags
From: |
Daniel P. Berrange |
Subject: |
Re: [Qemu-devel] [PATCH 8/9] Add more format string warning flags |
Date: |
Mon, 2 Apr 2012 15:34:30 +0100 |
User-agent: |
Mutt/1.5.21 (2010-09-15) |
On Mon, Apr 02, 2012 at 03:32:51PM +0100, Peter Maydell wrote:
> On 2 April 2012 15:22, Daniel P. Berrange <address@hidden> wrote:
> > The -Wformat-security option can only catch problems if the format
> > string is a literal. eg so it'd miss this:
> >
> > void foo(void) {
> > int notastring = 1;
> > const char *format = "String is %s";
> >
> > sprintf(format, notastring);
> > }
> >
> > There are a handful of places in QEMU which do that with non-trivial
> > format strings & were easy to fix in this patch, which I think is a
> > worthwhile improvement. The cases in the *-user/strace.c file though
> > are not practical to fix, without significant re-design of the code
> > in question.
>
> To be honest I couldn't tell from your patch whether you'd actually
> fixed any bugs or if you were just moving things around to turn non
> literals into literals.
There were no actual bugs fixed - it was just the change you describe
from non-literal to literal - to protect against future possible bugs.
> (Some of the cleanup looks like a good idea anyway, eg the vnc bits.)
Yep, I don't know why I didn't write that VNC code this way in the
first place now :-)
Daniel
--
|: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org -o- http://virt-manager.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|
- [Qemu-devel] [PATCH 3/9] Print out progress when checking compiler flags, (continued)
[Qemu-devel] [PATCH 7/9] Add -Wmissing-format-attribute & fix problems it finds, Daniel P. Berrange, 2012/04/02
[Qemu-devel] [PATCH 4/9] Remove 4 MB stack frame usage from sheepdog, Daniel P. Berrange, 2012/04/02
[Qemu-devel] [PATCH 6/9] Fix bit test to use & instead of && and enable -Wlogical-op warning, Daniel P. Berrange, 2012/04/02