Re: security format patch

From: Eric Blake
Subject: Re: security format patch
Date: Mon, 02 Dec 2013 12:18:18 -0700
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.1.0

On 12/02/2013 12:12 PM, Ivailo wrote:
> Attached a patch that fixes a test build failure caused by use of
> -Wformat -Werror=format-security in build flags. Take the credits,
> I don't want medals and such.

Thanks for the attempt.  However, this patch is wrong.

>      /* Silence gcc warning about zero-length format string.  */
>      const char *empty = "";
> -    result = xasprintf (empty);
> +    result = xasprintf ("%s", empty);
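
Review bot: On the `+` line, passing "%s" as the format means the string handed to xasprintf as its format is no longer empty, so the zero-length format case named in the comment above stops being exercised and the comment no longer matches the code. Keep `result = xasprintf (empty);` and quiet the format-security diagnostic for this call by other means, or, if the call really is meant to change, update the comment to say what is now being tested.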

Per the comment, we SPECIFICALLY want to test the behavior of printf("")
and friends, IN SPITE of the gcc warning.  So the correct fix is the use
of #pragma GCC diagnostic to shut up the compiler's warning for this
particular file, properly guarded by a test for a new enough gcc to know
that the pragma will actually work.

Eric Blake   eblake redhat com    +1-919-301-3266
Libvirt virtualization library http://libvirt.org
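
The approach described in the reply above, sketched as an added example (not code from the original message or from the project's test suite): a version-guarded `#pragma GCC diagnostic` silences `-Wformat-security` for one file so the empty, non-literal format is still passed through. `demo_asprintf`, `PRINTF_LIKE` and `test_empty_format` are hypothetical names, and the 4.2 cutoff is an assumption based on the GCC release that introduced the pragma at file scope.

```c
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumption: GCC honours this pragma at file scope from 4.2 on;
   older or non-GNU compilers skip the block entirely.  */
#if defined __GNUC__ && (__GNUC__ > 4 || (__GNUC__ == 4 && __GNUC_MINOR__ >= 2))
# pragma GCC diagnostic ignored "-Wformat-security"
#endif

#ifdef __GNUC__
# define PRINTF_LIKE __attribute__ ((format (printf, 1, 2)))
#else
# define PRINTF_LIKE
#endif

/* Hypothetical stand-in for xasprintf: format into a malloc'd string.  */
PRINTF_LIKE static char *
demo_asprintf (const char *format, ...)
{
  va_list args;
  int len;
  char *buf;

  va_start (args, format);
  len = vsnprintf (NULL, 0, format, args);   /* measure only */
  va_end (args);
  if (len < 0) return NULL;
  buf = malloc ((size_t) len + 1);
  if (buf == NULL) return NULL;
  va_start (args, format);
  vsnprintf (buf, (size_t) len + 1, format, args);
  va_end (args);
  return buf;
}

/* Returns 0 when an empty format yields an empty, non-NULL string.  */
static int
test_empty_format (void)
{
  const char *empty = "";                    /* non-literal on purpose */
  char *result = demo_asprintf (empty);      /* the call under test, unchanged */
  int ok = result != NULL && strcmp (result, "") == 0;
  free (result);
  return ok ? 0 : 1;
}

int main (void) { return test_empty_format (); }
```

Because the pragma sits in the test file only, `-Werror=format-security` stays in force for every other translation unit in the build.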
