Re: [Bug-tar] Format-string warnings in 1.26


From: Paul Eggert
Subject: Re: [Bug-tar] Format-string warnings in 1.26
Date: Thu, 28 Jul 2011 08:06:51 -0700
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.18) Gecko/20110617 Thunderbird/3.1.11

On 07/28/11 07:44, Daniel Macks wrote:
>   printf(foo);
> 
> is considered a potential security risk if foo is a variable rather than a 
> simple quoted string. The solution is to do:
> 
>   printf("%s", foo);

I'm afraid this bug report is rather vague; without knowing the
details of which printf call we're talking about, there's not
much we can do.  Certainly there are some calls to printf-like
functions where the above transformation would break things,
as FOO is supposed to be a format.
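
Both situations from this thread, as an added C example that is not taken from the tar sources or from either poster: a string that is data and belongs behind `"%s"`, and a printf-like wrapper whose argument really is a format, where the same rewrite changes the output. The function names and sample strings are hypothetical and constructed for illustration; the `format` attribute is a GCC/Clang extension.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical printf-like wrapper. FMT is meant to be a format here, so
   the GCC/Clang format attribute makes the compiler check every caller's
   arguments against it instead of warning about the pass-through below. */
__attribute__((format(printf, 3, 4)))
static int report(char *out, size_t n, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int len = vsnprintf(out, n, fmt, ap);   /* FMT interpreted as a format */
    va_end(ap);
    return len;
}

/* Data case: TEXT comes from outside the program (a file name, say) and
   must never be interpreted, so it is passed as an argument to "%s". */
static int show_text(char *out, size_t n, const char *text)
{
    return snprintf(out, n, "%s", text);
}

/* The blanket rewrite applied where FMT was supposed to be a format:
   the directives come out literally and the arguments are lost. */
static int report_rewritten(char *out, size_t n, const char *fmt)
{
    return snprintf(out, n, "%s", fmt);
}

int main(void)
{
    char buf[64];

    /* Constructed sample: a name that happens to contain directives. */
    show_text(buf, sizeof buf, "backup-100%s%d.tar");
    puts(buf);

    report(buf, sizeof buf, "%s: %d blocks", "a.tar", 3);
    puts(buf);

    report_rewritten(buf, sizeof buf, "%s: %d blocks");
    puts(buf);
    return 0;
}
```
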
