On Thu, Feb 12, 2015 at 3:16 AM, Dan Carpenter <dan.carpenter@xxxxxxxxxx> wrote: > Ok. I made a few small changes and pushed it to http://repo.or.cz. > > Kees might like this. It warns about stuff like: > > sound/usb/mixer_quirks.c:102 snd_create_std_mono_ctl_offset() > warn: call of 'snprintf' with non-constant format argument > > It still has quite a few false positives, so you need to use the > --spammy flag. ~/smatch/smatch_scripts/test_kernel.sh --spammy > We'll probably be able to cut down on some of the false positives. Heh. Yeah, that's one gcc warns about too. I have it fixed in my format-security tree, just to keep noise down: - snprintf(kctl->id.name, sizeof(kctl->id.name), name); + strlcpy(kctl->id.name, name, sizeof(kctl->id.name)); As it happens, all the callers are safe, but there's no reason for snprintf there. Is this less spammy than gcc's -Wformat-security? -Kees -- Kees Cook Chrome OS Security -- To unsubscribe from this list: send the line "unsubscribe smatch" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
