------- Comment #22 from rob1weld at aol dot com  2007-06-28 18:32 -------
Why is it a bad idea to leave this flaw in GCC?

Format String Bugs and Exploits
http://www.geocities.com/ravecoolr/fmt.doc

or if you like:
http://www.enderunix.org/docs/formatstr.txt

Allowing GCC to stay as-is and permit someone to use a user-supplied format
string to print an integer opens a whole field of exploits that could be closed
by fixing this.


-- 

rob1weld at aol dot com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
            Summary|abs / printf bug            |Security - abs / printf bug


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=32448
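
The case the comment above raises, a user-supplied format string used to print an integer, can be contained at the call site by validating the format before it reaches the printf family. This is an added example, not code from the bug report or from GCC; fmt_is_single_int and format_int_checked are hypothetical names.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not from GCC or the bug report): returns 1 only if fmt
 * holds exactly one conversion and it is a plain int conversion (%d or %i with
 * optional flags and a short literal width). Literal "%%" is allowed. */
int fmt_is_single_int(const char *fmt)
{
    int conversions = 0;
    if (fmt == NULL)
        return 0;
    for (const char *p = fmt; *p != '\0'; p++) {
        if (*p != '%')
            continue;
        p++;
        if (*p == '%')                  /* literal percent sign */
            continue;
        while (*p != '\0' && strchr("-+ 0", *p) != NULL)   /* flags */
            p++;
        int width_digits = 0;
        while (*p >= '0' && *p <= '9') {    /* literal width only, no '*' */
            if (++width_digits > 3)
                return 0;               /* cap padding at 999 columns */
            p++;
        }
        if (*p != 'd' && *p != 'i')
            return 0;   /* %n, %s, %x, length modifiers, "%1$d", trailing '%' */
        if (++conversions > 1)
            return 0;   /* a second conversion has no matching argument */
    }
    return conversions == 1;
}

/* Formats value with the untrusted format only when it passes the check;
 * otherwise uses a constant format. Returns snprintf's result. */
int format_int_checked(char *out, size_t outlen, const char *user_fmt, int value)
{
    if (!fmt_is_single_int(user_fmt))
        return snprintf(out, outlen, "%d", value);
    return snprintf(out, outlen, user_fmt, value);
}

int main(void)
{
    char buf[64];
    format_int_checked(buf, sizeof buf, "value=%5d", 42);  /* constructed input */
    puts(buf);
    return 0;
}
```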
