Stefan Sperling wrote:
> On Mon, Oct 26, 2009 at 12:06:41PM +0100, Stefan Sperling wrote:
>> On Mon, Oct 26, 2009 at 04:13:48PM +0530, Kannan wrote:
>>> Resolve "format not a string literal and no format arguments found" warning.
>>> * subversion/libsvn_subr/io.c
>>> (do_io_file_wrapper_cleanup): Add the format specifier "%s", which
>>> fixes the warning.
>> We have those warnings all over the place, so if you want to fix
>> them all you're gonna be busy for a while.
>> But I'd love to see them fixed, because each of them is a possible
>> format-string vulnerability.
The ones which appear in bulk are "format not a string literal,
argument types not checked" whereas the one (the only one found AFAIK)
fixed here is that of "format not a string literal and no format
arguments found". Anyways need to fix them too.
> By the way, the proper way to fix this would be to make a list of all
> functions used by Subversion which accept a format string, and then go
> through this list and check every occurrence of each function throughout
> the entire code base (grep is your friend).
> Once that is done, we need to review all commits as they come in for
> changes re-introducing the anti-pattern of passing a buffer where a format
> string is expected.
> Just relying on the compiler to warn about this could be a bad idea.
+1. Herewith I've attached the updated patch as per your comments.
Received on 2009-10-26 12:29:52 CET
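
The audit proposed in the thread (list every function that takes a format string, then check each call site) can be scripted. The following is an added example, not part of the original message or of Subversion's code base; the function list, the gettext-style macro names and the sample C lines are assumptions made for illustration. It reports each call whose format argument is not a string literal and labels it with the matching warning class from the thread.

```python
import re

# Assumed audit list (not Subversion's own): name -> zero-based index of the format argument.
FORMAT_FUNCS = {"printf": 0, "fprintf": 1, "sprintf": 1, "snprintf": 2,
                "apr_psprintf": 1, "svn_error_createf": 2}
CALL_RE = re.compile(r"\b(%s)\s*\(" % "|".join(FORMAT_FUNCS))
# Accepted formats: adjacent string literals, optionally inside _("...") or N_("...").
LITERAL_RE = re.compile(r'^(?:N?_\s*\(\s*)?(?:"(?:\\.|[^"\\])*"\s*)+\)?$', re.S)

def split_args(src, pos):
    """Split a call's arguments; pos is the index just after its '('."""
    args, depth, start, quote, i = [], 0, pos, None, pos
    while i < len(src):
        c = src[i]
        if quote:                      # inside a string or char literal
            if c == "\\":
                i += 1                 # skip the escaped character
            elif c == quote:
                quote = None
        elif c in "\"'":
            quote = c
        elif c == "(":
            depth += 1
        elif c == ")" and depth:
            depth -= 1
        elif c == ")" or (c == "," and depth == 0):
            args.append(src[start:i].strip())
            if c == ")":
                return args
            start = i + 1
        i += 1
    return args                        # unterminated call: return what was seen

def audit(src):
    """Return (line, function, format_expr, warning_class) per suspect call."""
    findings = []
    for m in CALL_RE.finditer(src):
        name, args = m.group(1), split_args(src, m.end())
        idx = FORMAT_FUNCS[name]
        if idx < len(args) and not LITERAL_RE.match(args[idx]):
            kind = ("no format arguments" if len(args) == idx + 1
                    else "argument types not checked")
            findings.append((src.count("\n", 0, m.start()) + 1, name, args[idx], kind))
    return findings

# Constructed sample input, not code from Subversion.
SAMPLE = r'''printf(msg);
printf("%s", msg);
fprintf(stderr, _("Can't open '%s' (errno %d)\n"), path, errno);
s = apr_psprintf(pool, msg, path);'''
```

The scan is textual, so it also matches calls inside comments and does not follow formats passed through variables or wrapper functions; treat its output as a review list, not a proof of absence.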