Re: [Bug-tar] Format-string warnings in 1.26

bug-tar

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Bug-tar] Format-string warnings in 1.26

From:	Daniel Macks
Subject:	Re: [Bug-tar] Format-string warnings in 1.26
Date:	Thu, 28 Jul 2011 11:20:09 -0400
User-agent:	Webmail 6.0

On Thu, 28 Jul 2011 08:06:51 -0700, Paul Eggert  wrote:
On 07/28/11 07:44, Daniel Macks wrote:

>   printf(foo);
> > is considered a potential security risk if foo is a variablerather than a simple quoted string. The solution is to do:
> >   printf("%s", foo);

I'm afraid this bug report is rather vague; without knowing the
details of which printf call we're talking about, there's not
much we can do.  Certainly there are some calls to printf-like
functions where the above transformation would break things,
as FOO is supposed to be a format.

The warning is only when foo really winds up as a simple string and nota format-string with %X that are replaced by subsequent parameters.Does this list like .patch attachments, or pasted directly into theemail body, or...?


dan

 --
Daniel Macks
address@hidden

[Prev in Thread]

Current Thread

[Next in Thread]

[Bug-tar] Format-string warnings in 1.26, Daniel Macks, 2011/07/28
- Re: [Bug-tar] Format-string warnings in 1.26, Paul Eggert, 2011/07/28
  - Re: [Bug-tar] Format-string warnings in 1.26, Joerg Schilling, 2011/07/28
- Re: [Bug-tar] Format-string warnings in 1.26, Daniel Macks <=
  - Re: [Bug-tar] Format-string warnings in 1.26, Paul Eggert, 2011/07/28
- Re: [Bug-tar] Format-string warnings in 1.26, Daniel Macks, 2011/07/29
  - Re: [Bug-tar] Format-string warnings in 1.26, Paul Eggert, 2011/07/29
    - Re: [Bug-tar] Format-string warnings in 1.26, Eric Blake, 2011/07/29

Prev by Date: Re: [Bug-tar] Format-string warnings in 1.26
Next by Date: Re: [Bug-tar] Format-string warnings in 1.26
Previous by thread: Re: [Bug-tar] Format-string warnings in 1.26
Next by thread: Re: [Bug-tar] Format-string warnings in 1.26
Index(es):
- Date
- Thread