Re: FTBFS if "-Werror=format-security" flag is used

On 12/05/2013 08:27 PM, Kevin Kofler wrote:
> The vast majority of those warnings are actually false positives, not actual
> security issues. Putting my upstream hat on, if asked to "fix" such a false
> positive, I'd do one of:
> (a) close the bug as INVALID/NOTABUG/WONTFIX or
> (b) hardcode -Wno-error=format-security -Wno-format-security in my build
> setup and close the bug as FIXED.

They are potential security issues, because ignoring them (especially via (b)) sets everyone up for a fail.
For instance, today it may be a constant format string, but tomorrow someone will introduce it as a settable configuration parameter.

Given that pretty much all those cases can be solved by either "%s" or
  __attribute__((__format__(__printf__, 1, 2)));
 
it would really look petulant to insist on (a) or (b).
-- 
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
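
The two fixes named in the reply above, shown together as an added example that is not part of the original post. The names log_msg, show_banner and last_line are hypothetical, and the banner string stands in for a value that is constant today but could later come from configuration.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical names throughout; this is illustration code, not from any project. */
static char last_line[128];   /* most recent formatted message, kept for inspection */

/* Fix 2: declare the wrapper as printf-like. Argument 1 is the format string and
 * the variadic arguments start at 2, so GCC and Clang apply -Wformat and
 * -Wformat-security to every caller of log_msg(), exactly as they do for printf(). */
static int log_msg(const char *fmt, ...)
    __attribute__((__format__(__printf__, 1, 2)));

static int log_msg(const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(last_line, sizeof last_line, fmt, ap);
    va_end(ap);
    fprintf(stderr, "%s\n", last_line);
    return n;   /* length the full message needs, as returned by vsnprintf */
}

/* 'banner' is a compile-time constant in today's callers, but nothing stops a
 * later change from reading it out of a configuration file. */
static int show_banner(const char *banner)
{
    /* log_msg(banner);
     *   With the attribute above this line fails to build under
     *   -Werror=format-security: non-literal format and no format arguments. */

    /* Fix 1: a literal "%s" format, so banner is always data and any
     * conversion specifiers inside it are copied through, never interpreted. */
    return log_msg("%s", banner);
}

int main(void)
{
    /* Constructed input containing conversion specifiers. */
    show_banner("rate: 5%s %x");
    return strcmp(last_line, "rate: 5%s %x") == 0 ? 0 : 1;
}
```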
