Re: [Bug-tar] Format-string warnings in 1.26
From: Paul Eggert
Subject: Re: [Bug-tar] Format-string warnings in 1.26
Date: Thu, 28 Jul 2011 08:06:51 -0700
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.18) Gecko/20110617 Thunderbird/3.1.11

On 07/28/11 07:44, Daniel Macks wrote:
> printf(foo);
>
> is considered a potential security risk if foo is a variable rather than a
> simple quoted string. The solution is to do:
>
> printf("%s", foo);
I'm afraid this bug report is rather vague; without knowing the
details of which printf call we're talking about, there's not
much we can do. Certainly there are some calls to printf-like
functions where the above transformation would break things,
as FOO is supposed to be a format.
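
An added illustration of the distinction drawn in this thread, not part of either message and not code from tar: a variable that is a format by design stops working under the blanket `"%s"` rewrite, while a variable that carries data needs it. All function names and sample strings below are hypothetical and constructed for this example.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not from tar): choose a singular or plural message.
   The returned string is a trusted, program-supplied FORMAT. */
static const char *plural_format(int n)
{
    return n == 1 ? "%d file skipped" : "%d files skipped";
}

/* Case 1: the variable is a format by design and never holds outside
   data, so passing it in the format position is correct. */
int format_count(char *out, size_t size, int n)
{
    const char *fmt = plural_format(n);
    return snprintf(out, size, fmt, n);
}

/* Case 1 after a blind printf(foo) -> printf("%s", foo) rewrite:
   the directive is copied literally and the count is lost. */
int format_count_rewritten(char *out, size_t size, int n)
{
    const char *fmt = plural_format(n);
    (void)n; /* no longer consumed by the format */
    return snprintf(out, size, "%s", fmt);
}

/* Case 2: the variable is data (for example a name read from input).
   "%s" keeps any '%' inside it from being parsed as a directive. */
int format_name(char *out, size_t size, const char *name)
{
    return snprintf(out, size, "%s", name);
}

int main(void)
{
    char buf[64];
    const char *name = "report-100%sure.txt"; /* constructed sample */

    format_count(buf, sizeof buf, 3);
    puts(buf);
    format_count_rewritten(buf, sizeof buf, 3);
    puts(buf);
    format_name(buf, sizeof buf, name);
    puts(buf);
    return 0;
}
```

Deciding which case a given call falls into requires looking at where the variable's contents come from, which is why the specific call site matters.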