Ping. This thread has not received any more comments.
Gavin.
On 26/10/2009, at 23:09 , Branko Cibej wrote:
> Stefan Sperling wrote:
>> On Mon, Oct 26, 2009 at 12:06:41PM +0100, Stefan Sperling wrote:
>>
>>> On Mon, Oct 26, 2009 at 04:13:48PM +0530, Kannan wrote:
>>>
>>>>
>>>> Log:
>>>> Resolve "format not a string literal and no format arguments
>>>> found" warning.
>>>>
>>>> * subversion/libsvn_subr/io.c
>>>> (do_io_file_wrapper_cleanup): Add the format specifier "%s", which
>>>> fixes the warning.
>>>>
>>> We have those warnings all over the place, so if you want to fix
>>> them all you're gonna be busy for a while.
>>> But I'd love to see them fixed, because each of them is a possible
>>> format-string vulnerability.
>>>
>>
>> By the way, the proper way to fix this would be to make a list of all
>> functions used by Subversion which accept a format string, and then go
>> through this list and check every occurrence of each function throughout
>> the entire code base (grep is your friend).
>> Once that is done, we need to review all commits as they come in for
>> changes re-introducing the anti-pattern of passing a buffer where a format
>> string is expected.
>>
>> Just relying on the compiler to warn about this could be a bad idea.
>>
>
> I think we should add properly defined GCC attributes to such functions
> declarations, so that we *can* rely on the compiler warning us in
> future. APR certainly does that, and even properly defines __attribute__
> as a macro when it's not being compiled by GCC.
>
> -- Brane
>
> ------------------------------------------------------
> http://subversion.tigris.org/ds/viewMessage.do?dsForumId=462&dsMessageId=2411358
------------------------------------------------------
http://subversion.tigris.org/ds/viewMessage.do?dsForumId=462&dsMessageId=2413972
Received on 2009-11-03 00:14:33 CET
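
The attribute approach suggested in the quoted reply, as an added example that is not part of the original thread and is not Subversion or APR code. `report_error` and `format_untrusted` are hypothetical names, and the sample message is constructed.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Fallback so the declaration below still compiles on non-GCC compilers:
   __attribute__((...)) expands to nothing there. */
#ifndef __GNUC__
#define __attribute__(x)
#endif

/* Hypothetical printf-style wrapper. format(printf, 3, 4) tells the compiler
   that argument 3 is the format string and the variadic arguments start at 4,
   so every call site is checked like a call to printf itself. */
int report_error(char *out, size_t outlen, const char *fmt, ...)
    __attribute__((format(printf, 3, 4)));

int report_error(char *out, size_t outlen, const char *fmt, ...)
{
    va_list ap;
    int n;

    va_start(ap, fmt);
    n = vsnprintf(out, outlen, fmt, ap);  /* always bounded by outlen */
    va_end(ap);
    return n;
}

/* msg is data, never a format. The anti-pattern from the thread would be
       report_error(out, outlen, msg);
   which, because of the attribute, gcc -Wformat -Wformat-security flags as
   "format not a string literal and no format arguments". */
int format_untrusted(char *out, size_t outlen, const char *msg)
{
    return report_error(out, outlen, "%s", msg);
}

int main(void)
{
    /* Constructed sample: externally supplied text containing conversions. */
    const char *untrusted = "bad path: %s%s%s";
    char buf[64];

    format_untrusted(buf, sizeof buf, untrusted);
    puts(buf);  /* conversions are printed literally, not interpreted */
    return 0;
}
```

Building with `-Wformat -Wformat-security -Werror` turns any reintroduced single-argument call into a build failure, which covers the commit-review concern raised in the thread for annotated functions only.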