
Re: Percent sign in message

From: David Kastrup
Subject: Re: Percent sign in message
Date: Tue, 12 Sep 2006 17:37:33 +0200
User-agent: Gnus/5.11 (Gnus v5.11) Emacs/22.0.50 (gnu/linux)

Richard Stallman <address@hidden> writes:

>     > I think that would give too many false warnings, because it is not
>     > unusual to obtain the format string from some non-constant source.
>     Could be.  But the warning can be turned off by using (message
>     "%s" <exp>).
> Hmm.  If the warning is given only in the case of one arg, maybe it won't
> get too many spurious hits.  I was thinking of getting nontrivial format
> strings from nonconstant sources; but those cases would usually have
> further arguments.
> But let's save this for later.

I'd want to mention that format string vulnerabilities are a common
attack vector for viruses.  They will not likely be exploitable in
Elisp, but it shows that they are not rare among programmers (indeed,
one such case prompted the release of Emacs 21.4), and could cause
weird effects.

I think such a warning would not be amiss, and should probably be
extended to `error' as well.

David Kastrup, Kriemhildstr. 15, 44793 Bochum
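The check discussed in this thread, sketched as an added example that is not part of the original messages and is not the Emacs byte-compiler's code: it walks an Elisp form and reports calls to `message` or `error` whose only argument is not a string literal. The names `fmt-check-functions` and `fmt-check-form` are hypothetical, and the sample form is constructed for illustration.

```elisp
;; Added illustration; not code from Emacs or from the thread.
;; `fmt-check-functions' and `fmt-check-form' are hypothetical names.

(defconst fmt-check-functions '(message error)
  "Functions whose first argument is interpreted as a format string.")

(defun fmt-check-form (form)
  "Return the subforms of FORM that pass a lone non-constant format string.
A call is reported when it has the shape (message X) or (error X), with
exactly one argument, and X is neither a string literal nor nil.
This is a purely syntactic walk: it also descends into quoted data and
argument lists, so it can over-report."
  (when (consp form)
    (let ((hits (and (memq (car form) fmt-check-functions)
                     (consp (cdr form))           ; at least one argument
                     (null (cddr form))           ; and no further arguments
                     (cadr form)                  ; (message nil) is left alone
                     (not (stringp (cadr form)))  ; literal formats are skipped
                     (list form)))
          (rest form))
      ;; Recurse into every element, tolerating dotted lists.
      (while (consp rest)
        (setq hits (append hits (fmt-check-form (car rest))))
        (setq rest (cdr rest)))
      hits)))

;; Constructed sample input: NAME stands for text from a non-constant
;; source (a file name, a process's output, ...), which may contain `%'.
(defconst fmt-check-sample
  '(defun demo (name)
     (message "Saved buffer")          ; literal format: not reported
     (message name)                    ; reported: NAME is used as the format
     (message "%s" name)               ; the form suggested in the thread
     (error (concat "bad: " name))))   ; reported: same issue with `error'

;; Evaluate this to list the calls that would draw the warning.
(fmt-check-form fmt-check-sample)
```

Each reported call can be silenced the way the thread suggests, by writing `(message "%s" <exp>)` so that the data is passed as an argument and never parsed as a format.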
