Stuart Henderson <[email protected]> wrote:
> On 2021/09/07 21:24, Christian Weisgerber wrote:
> > Earlier today, semarie@ committed a change that will now cause base
> > clang to warn when the %n specifier appears in a format string for
> > the printf(3) family of functions:
> >
> > warning: '%n' format specifier support is deactivated and will call abort(3)
>
> By the way, as jca@ said earlier: "There may be others that can't be
> flagged by the compiler [...] because of indirections through wrapper
> functions." - so, runtime tests will possibly pick up more software
> needing attention.
The user community can help by looking for messages in /var/log/messages
which look like this
program: *printf used %n, aborting: <string>
and
program: *wprintf used %n, aborting
(the wide functions do not print the message)
Such programs will also be aborting, probably dumping core somewhere.
The more we fix, the better, because we think this %n behaviour is
going to make it into 7.0 release.
