On 12/05/2013 02:15 PM, Florian Weimer wrote:
On 12/05/2013 11:00 AM, Ralf Corsepius wrote:
On 12/05/2013 10:26 AM, Björn Persson wrote:
Brendan Jones wrote:
Patching is not a problem. Unnecessary is the question. Explain to me
(not you in particular Rahul) how these printf's can possibly be
exploited?
I believe to be able to prove GCC is producing bogus warnings:
Cf. https://bugzilla.redhat.com/show_bug.cgi?id=1037293
(This is a trimmed down example of a real world case).
The offending line is this:
fprintf(fp, endfmt);
endfmt is not a string literal,
Right, but it is a constant and is never going to be modified.
so the warning is correct in the sense
that it provides the intended diagnostic. GCC could perhaps do better
in some cases, but not without relying on the optimizers.
Well, a matter of point of view.
As I see it, GCC's -Wformat-security is too unreliable to be used in
production. It certainly diagnoses valid security leaks in some cases,
but all it does in other cases is to enforce stylishness to work outs
GCC's limitations. I.e. in these case it effectively only causes churn.
I.e. I see sense in adding it to %optflags as a warning (-W...), but
raising this warning to an error (-Werror=...) at this point in time
qualifies as not helpful.
Ralf
--
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct