Hi Marcel,
On Monday 29 of December 2014 09:42:46 Marcel Holtmann wrote:
> Hi Szymon,
>
> > __attribute__((format(printf))) doesn't seem to catch missing format
> > string in function call ie.
> >
> > char *p = "foo";
> >
> > printf(p);
> > vs
> > printf("%s", p);
> >
> > Enabling -Wformat -Wformat-security warns in such case.
> > ---
> >
> > This should allow to early catch bugs like those fixed in
> > patch "Add missing format specifiers in src/error.c" sent by
> > Mariusz.
> >
> > acinclude.m4 | 1 +
> > 1 file changed, 1 insertion(+)
> >
> > diff --git a/acinclude.m4 b/acinclude.m4
> > index 960d54c..bc39c6d 100644
> > --- a/acinclude.m4
> > +++ b/acinclude.m4
> > @@ -21,6 +21,7 @@ AC_DEFUN([COMPILER_FLAGS], [
> >
> > with_cflags="$with_cflags -Wredundant-decls"
> > with_cflags="$with_cflags -Wcast-align"
> > with_cflags="$with_cflags -Wswitch-enum"
> >
> > + with_cflags="$with_cflags -Wformat -Wformat-security"
> >
> > with_cflags="$with_cflags -DG_DISABLE_DEPRECATED"
> > with_cflags="$with_cflags -
DGLIB_VERSION_MIN_REQUIRED=GLIB_VERSION_2_28"
> > with_cflags="$with_cflags -
DGLIB_VERSION_MAX_ALLOWED=GLIB_VERSION_2_28"
>
> no objections from my side. However I had gcc versions where this one was
> enabled by default.
It looks like Ubuntu 13.04 and newer enable format-security by default.
Maybe some other distros do the same, yet at least F20 doesn't.
--
BR
Szymon Janc
--
To unsubscribe from this list: send the line "unsubscribe linux-bluetooth" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
