Sergio Belkin wrote:
> Regarding the "format not a string literal and no format arguments
> [-Werror=format-security]" message.
> AFAIK instructions of the kind printf(format,var1,var2,...) will always fail,
> since it can't verify at compile time that the format includes the number
> of variables that appear later.

GCC does exactly that. It has special knowledge of the printf family of
functions and verifies that the arguments match the format.

If you define a function that takes printf-like parameters, then you
should include an attribute like this:

void log(foo f, const char *format, ...) __attribute__((format(printf, 2, 3)));

Then GCC will verify that the arguments match the format in calls to
your function too.

> If the developer does not use formats entered by the user, the exploit
> disappears, doesn't it?

Is it guaranteed that the string can never under any circumstances ever
possibly contain a percent sign? If so, it's probably safe – in the
current version of the program, but who knows what changes might be
made in the distant future?

Tell upstream to just add "%s" as the format string and be done with
it. If they find that burdensome, then that's because they made a bad
choice of programming language.

Björn Persson
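
Added example, not part of the original message: a printf-like wrapper carrying the format attribute, with the "%s" fix for text that may contain percent signs. The names log_to_buf and log_untrusted and the sample string are hypothetical, chosen for illustration.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical printf-like logger. The attribute tells GCC that parameter 3
   is the format string and that the variadic arguments start at parameter 4,
   so calls are checked the same way calls to printf are. */
int log_to_buf(char *out, size_t cap, const char *format, ...)
    __attribute__((format(printf, 3, 4)));

int log_to_buf(char *out, size_t cap, const char *format, ...)
{
    va_list ap;
    va_start(ap, format);
    /* vsnprintf never writes more than cap bytes and returns the length
       the full output would have had. */
    int n = vsnprintf(out, cap, format, ap);
    va_end(ap);
    return n;
}

/* Text from outside the program is passed as data under a literal "%s",
   so any percent signs in it are copied verbatim instead of being parsed. */
int log_untrusted(char *out, size_t cap, const char *untrusted)
{
    /* The form the warning is about, kept as a comment so the file builds
       with -Werror=format-security:
           log_to_buf(out, cap, untrusted);
    */
    return log_to_buf(out, cap, "%s", untrusted);
}

int main(void)
{
    char buf[64];
    const char *msg = "100% done %s %n"; /* constructed sample input */
    int n = log_untrusted(buf, sizeof buf, msg);
    printf("%d bytes: %s\n", n, buf);
    return 0;
}
```

Building with gcc -Wall -Werror=format-security accepts this file as written.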


_______________________________________________
devel mailing list -- devel@lists.fedoraproject.org