[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: security format patch
From: |
Eric Blake |
Subject: |
Re: security format patch |
Date: |
Mon, 02 Dec 2013 12:18:18 -0700 |
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.1.0 |
On 12/02/2013 12:12 PM, Ivailo wrote:
> Attached a patch that fixes a test build failure caused by use of
> -Wformat -Werror=format-security in build flags. Take the credits,
> I don't want medals and such.
Thanks for the attempt. However, this patch is wrong.
> /* Silence gcc warning about zero-length format string. */
> const char *empty = "";
> - result = xasprintf (empty);
> + result = xasprintf ("%s", empty);
Per the comment, we SPECIFICALLY want to test the behavior of printf("")
and friends, IN SPITE of the gcc warning. So the correct fix is the use
of #pragma GCC diagnostic to shut up the compiler's warning for this
particular file, properly guarded by a test for a new enough gcc to know
that the pragma will actually work.
--
Eric Blake eblake redhat com +1-919-301-3266
Libvirt virtualization library http://libvirt.org
signature.asc
Description: OpenPGP digital signature
- security format patch, Ivailo, 2013/12/02
- Re: security format patch,
Eric Blake <=
- Re: security format patch, Paul Eggert, 2013/12/02
- Re: security format patch, Ivailo, 2013/12/02
- Re: security format patch, Ivailo, 2013/12/02
- Re: security format patch, Ivailo, 2013/12/02
- Re: security format patch, Pádraig Brady, 2013/12/03
- Re: security format patch, Ivailo, 2013/12/03
- Re: security format patch, Pádraig Brady, 2013/12/03
- Re: security format patch, Ivailo, 2013/12/03