From: | Kai Torben Ohlhus |
Subject: | [Octave-bug-tracker] [bug #55046] Add static compile-time checking of printf functions using compiler attributes |
Date: | Thu, 29 Nov 2018 15:51:16 -0500 (EST) |
User-agent: | Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.110 Safari/537.36 |
Follow-up Comment #22, bug #55046 (project octave):

The "%s" requirement is totally reasonable to me as well. I am a bit surprised that my system does not compile with "-Wformat-security" by default. Thus I made no effort to silence those warnings. Thanks for comment #21 Rik.

The good news: on Octave language level this doesn't matter after all for this short form of using error() is valid. Users/developers that work on C/C++-level with Octave should know how to handle this warning (after some googling) or switch back to the safe Octave level.

When compiling the simple example below with "-Wformat-security" we'll receive this warning as well:

    #include <cstdio>

    int main ()
    {
      char str[] = "Hi";
      char * ptr = str;
      std::printf (ptr);
      return 0;
    }

To me it is the nature of C and we should not try to hide this at the price of more complexity (=pain for the future).

And Rik you are right. The pain of comment #18 is not really an acceptable option. Maybe we should use the "real" definition of the macro "OCTAVE_FORMAT_ATTRIBUTE" when, for example, the "sanitizer" flags are given at configure time?

_______________________________________________________

Reply to this item at: <https://savannah.gnu.org/bugs/?55046>

_______________________________________________

Message sent via Savannah https://savannah.gnu.org/
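
Added example, not part of the original message and not Octave's own code: a variadic error()-style helper carrying the GCC/Clang printf format attribute, with the "%s" calling form that keeps run-time text out of the format position. The names EXAMPLE_FORMAT_ATTRIBUTE, format_message, safe_message and sample_text are hypothetical; Octave's actual OCTAVE_FORMAT_ATTRIBUTE definition is not shown on this page.

```cpp
#include <cstdarg>
#include <cstdio>
#include <string>

// Hypothetical macro (not Octave's OCTAVE_FORMAT_ATTRIBUTE definition):
// expands to the GCC/Clang printf format attribute when available.
#if defined (__GNUC__)
#  define EXAMPLE_FORMAT_ATTRIBUTE(fmt_idx, first_arg) \
     __attribute__ ((format (printf, fmt_idx, first_arg)))
#else
#  define EXAMPLE_FORMAT_ATTRIBUTE(fmt_idx, first_arg)
#endif

// Hypothetical error()-style helper. The attribute on the declaration lets
// the compiler check every call's format string against its arguments.
std::string format_message (const char *fmt, ...)
  EXAMPLE_FORMAT_ATTRIBUTE (1, 2);

std::string format_message (const char *fmt, ...)
{
  char buf[256];
  va_list args;
  va_start (args, fmt);
  std::vsnprintf (buf, sizeof buf, fmt, args);
  va_end (args);
  return std::string (buf);
}

// Constructed sample: text that arrives at run time and happens to
// contain conversion specifiers.
static const char sample_text[] = "disk 100%s full (%d)";

std::string safe_message (const char *text)
{
  // The literal "%s" is the format; text is only data, so its '%'
  // sequences are copied verbatim and -Wformat-security stays quiet.
  return format_message ("%s", text);
}

// Calling format_message (text) directly also compiles, but it is flagged
// by -Wformat -Wformat-security, and any '%' in text would then be
// interpreted as a conversion with no matching argument.

int main ()
{
  std::printf ("%s\n", safe_message (sample_text).c_str ());
  return 0;
}
```
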