On Fri, Feb 13 2015, Dan Carpenter <dan.carpenter@xxxxxxxxxx> wrote: > On Thu, Feb 12, 2015 at 08:52:49PM +0100, Rasmus Villemoes wrote: >> >> > Is this less spammy than gcc's -Wformat-security? >> > > I feel like eventually we will be able to do stuff like verify the > caller data which GCC can't do. Yes, when the format arg is something like arr[idx].fmt and arr is a const array of struct foobar, we might be able to simply check the arguments for every possible value of idx. But in that case we should also add checking for the things I was too lazy to do (the ordinary %d stuff etc.). That would also benefit the const char*const case, which gcc for some reason doesn't handle. A future note to self: I've seen a couple of places where some of the format strings contain a %d and others contain no specifiers at all, but an integer is always passed. This is of course entirely safe, so the 'extra arguments passed to ...' should be made spammy when checking against a set of format strings. >> Dan, please see if you can merge the last few patches. > > Sure. Done. Thanks. I'll start doing changes on top of your repo. Rasmus -- To unsubscribe from this list: send the line "unsubscribe smatch" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
