On 12/05/2013 11:00 AM, Ralf Corsepius wrote:
On 12/05/2013 10:26 AM, Björn Persson wrote:
Brendan Jones wrote:
Patching is not a problem. Unnecessary is the question. Explain to me
(not you in particular Rahul) how these printf's can possibly be
exploited?
I believe to be able to prove GCC is producing bogus warnings:
Cf. https://bugzilla.redhat.com/show_bug.cgi?id=1037293
(This is a trimmed down example of a real world case).
The offending line is this:
fprintf(fp, endfmt);
endfmt is not a string literal, so the warning is correct in the sense
that it provides the intended diagnostic. GCC could perhaps do better
in some cases, but not without relying on the optimizers.
--
Florian Weimer / Red Hat Product Security Team
--
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct