On Monday 04 January 2010, Pierre Wieser wrote:
> I'am the maintainer of Nautilus-Actions, a Gnome application.
>
> I'm afraid that my code may sometimes embed some sentences such as
> printf( "blah blah" );
> instead of
> printf( "%s", "blah blah" );
>
> For the second time, a Gentoo user complains about a syntax error
> in the first form, probably due to a particular configuration option
> of the Gentoo gcc.
the first form is dangerous if "blah blah" is a string which can
contain format specifiers, for instance
void foo(const char *str)
{
...
printf(str);
}
where str is passed from somewhere else. Maybe Gentoo hardenend does
not allow such use of printf. The correct switch for this warning is
-Wformat-security
which will make gcc produce
``warning: format not a string literal and no format arguments''
in such a case.
Kind regards,
Frank
--
Dr.-Ing. Frank Mehnert Sun Microsystems, Inc. www.sun.com
Attachment:
signature.asc
Description: This is a digitally signed message part.
