[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: [PATCH] Fix 'no format arguments found' warning

From: Branko Cibej <brane_at_xbc.nu>
Date: Mon, 26 Oct 2009 13:09:06 +0100

Stefan Sperling wrote:
> On Mon, Oct 26, 2009 at 12:06:41PM +0100, Stefan Sperling wrote:
>
>> On Mon, Oct 26, 2009 at 04:13:48PM +0530, Kannan wrote:
>>
>>> -----BEGIN PGP SIGNED MESSAGE-----
>>> Hash: SHA1
>>>
>>>
>>> Log:
>>> Resolve "format not a string literal and no format arguments found" warning.
>>>
>>> * subversion/libsvn_subr/io.c
>>> (do_io_file_wrapper_cleanup): Add the format specifier "%s", which
>>> fixes the warning.
>>>
>> We have those warnings all over the place, so if you want to fix
>> them all you're gonna be busy for a while.
>> But I'd love to see them fixed, because each of them is a possible
>> format-string vulnerability.
>>
>
> By the way, the proper way to fix this would be to make a list of all
> functions used by Subversion which accept a format string, and then go
> through this list and check every occurance of each function throughout
> the entire code base (grep is your friend).
> Once that is done, we need to review all commits as they come in for
> changes re-introducing the anti-pattern of passing a buffer where a format
> string is expected.
>
> Just relying on the compiler to warn about this could be a bad idea.
>

I think we should add properly defined GCC attributes to such functions
declarations, so that we *can* rely on the compiler warning us in
future. APR certainly does that, and even properly defines __attribute__
as a macro when it's not being compiled by GCC.

-- Brane

------------------------------------------------------
http://subversion.tigris.org/ds/viewMessage.do?dsForumId=462&dsMessageId=2411358
Received on 2009-10-26 13:09:33 CET

This is an archived mail posted to the Subversion Dev mailing list.