| From: | Kai Torben Ohlhus |
| Subject: | [Octave-bug-tracker] [bug #55046] Add static compile-time checking of printf functions using compiler attributes |
| Date: | Thu, 29 Nov 2018 15:51:16 -0500 (EST) |
| User-agent: | Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.110 Safari/537.36 |
Follow-up Comment #22, bug #55046 (project octave):
The "%s" requirement is totally reasonable to me as well. I am a bit
surprised that my system does not compile with "-Wformat-security" by default.
Thus I made no effort to silence those warnings. Thanks for comment #21,
Rik.
The good news: at the Octave language level this doesn't matter after all, for
this short form of using error() is valid.
Users/developers that work on C/C++-level with Octave should know how to
handle this warning (after some googling) or switch back to the safe Octave
level.
When compiling the simple example below with "-Wformat-security" we'll receive
this warning as well:

    #include <cstdio>
    int main () {
      char str[] = "Hi";
      char * ptr = str;
      std::printf (ptr);
      return 0;
    }

To me it is the nature of C and we should not try to hide this at the price of
more complexity (=pain for the future).
And Rik, you are right. The pain of comment #18 is not really an acceptable
option. Maybe we should use the "real" definition of the macro
"OCTAVE_FORMAT_ATTRIBUTE" when, for example, the "sanitizer" flags are given
at configure time?
_______________________________________________________
Reply to this item at:
<https://savannah.gnu.org/bugs/?55046>
_______________________________________________
Message sent via Savannah
https://savannah.gnu.org/
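
The "%s" form and a conditionally defined format attribute, as discussed in the comment above, shown as an added example that is not part of the original message or of Octave's sources. EXAMPLE_FORMAT_ATTRIBUTE, EXAMPLE_NO_FORMAT_CHECKS, format_message and report are hypothetical names, and the sample string is constructed.

```cpp
#include <cstdarg>
#include <cstdio>
#include <string>

// Hypothetical macro (not Octave's OCTAVE_FORMAT_ATTRIBUTE): expands to the
// GCC/Clang printf-format attribute unless checks are switched off.
#if (defined (__GNUC__) || defined (__clang__)) && !defined (EXAMPLE_NO_FORMAT_CHECKS)
#  define EXAMPLE_FORMAT_ATTRIBUTE(fmt_idx, first_arg) \
     __attribute__ ((format (printf, fmt_idx, first_arg)))
#else
#  define EXAMPLE_FORMAT_ATTRIBUTE(fmt_idx, first_arg)
#endif

// Hypothetical stand-in for an error()-style function: formats into a string.
// Argument 1 is the format, the variadic arguments start at position 2.
std::string format_message (const char *fmt, ...) EXAMPLE_FORMAT_ATTRIBUTE (1, 2);

std::string format_message (const char *fmt, ...)
{
  va_list args, copy;
  va_start (args, fmt);
  va_copy (copy, args);
  int len = std::vsnprintf (nullptr, 0, fmt, copy);  // measure first
  va_end (copy);
  std::string out;
  if (len > 0)
    {
      out.resize (static_cast<std::size_t> (len) + 1);
      std::vsnprintf (&out[0], out.size (), fmt, args);
      out.resize (static_cast<std::size_t> (len));  // drop the trailing NUL
    }
  va_end (args);
  return out;
}

// Text that originates outside the program and happens to contain conversions.
std::string report (const char *untrusted)
{
  // format_message (untrusted);      // would warn under -Wformat-security
  return format_message ("%s", untrusted);  // text is data, never a format
}

int main ()
{
  std::puts (report ("disk 100%s full, %d%% used").c_str ());
  return 0;
}
```

With the attribute active, a mismatched call such as format_message ("%d", "text") is diagnosed at compile time by -Wformat.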