* Should we add compiler warnings to diag_sprintf & diag_vsprintf ?
From: Chris Holgate @ 2009-06-26 11:53 UTC (permalink / raw)
To: ecos-devel
Hi folks,
I've just had to add support for diag_vsnprintf to diag.h as part of
writing some logging code. We all know that sprintf, vsprintf and their
evil unchecked spawn are the source of lots of buffer overflow bugs -
so while I'm prepping a patch for this change is it worth adding
compiler warning attributes to diag_sprintf and diag_vsprintf to help
'discourage' their use?
Chris.
* Re: Should we add compiler warnings to diag_sprintf & diag_vsprintf ?
From: Rutger Hofman @ 2009-06-26 12:10 UTC (permalink / raw)
To: Chris Holgate; +Cc: ecos-devel
Chris Holgate wrote:
> I've just had to add support for diag_vsnprintf to diag.h as part of
> writing some logging code. We all know that sprintf, vsprintf and their
> evil unchecked spawn are the source of lots of buffer overflow bugs -
> so while I'm prepping a patch for this change is it worth adding
> compiler warning attributes to diag_sprintf and diag_vsprintf to help
> 'discourage' their use?
That would collide with -Werror -- an option I happen to like a lot.
Besides, my guess is that the vsnprintf functions will be called through
some printf-style variadic function, and the compiler can verify
arguments there.
Rutger
* Re: Should we add compiler warnings to diag_sprintf & diag_vsprintf ?
From: Rutger Hofman @ 2009-06-26 12:18 UTC (permalink / raw)
To: Chris Holgate; +Cc: ecos-devel
Rutger Hofman wrote:
> Chris Holgate wrote:
>> I've just had to add support for diag_vsnprintf to diag.h as part of
>> writing some logging code. We all know that sprintf, vsprintf and their
>> evil unchecked spawn are the source of lots of buffer overflow bugs -
>> so while I'm prepping a patch for this change is it worth adding
>> compiler warning attributes to diag_sprintf and diag_vsprintf to help
>> 'discourage' their use?
>
> That would collide with -Werror -- an option I happen to like a lot.
> Besides, my guess is that the vsnprintf functions will be called through
> some printf-style variadic function, and the compiler can verify
> arguments there.
Ach, I misunderstood. You want to discourage diag_sprintf and
diag_vsprintf in favour of diag_vsnprintf. I fully agree here.
Rutger
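The attribute approach the thread debates, as an added example rather than eCos code: the wrapper names `log_sprintf` and `log_snprintf` are hypothetical stand-ins for `diag_sprintf` and `diag_snprintf`, the unbounded one is marked `deprecated` (which is exactly what becomes a hard error under -Werror, as Rutger notes), and both carry a `format` attribute so the compiler can check the variadic arguments at the call site.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* GCC/Clang attributes; hypothetical macro names, not from eCos. */
#if defined(__GNUC__)
#define LOG_DEPRECATED(msg) __attribute__((deprecated(msg)))
#define LOG_PRINTF_LIKE(fmt_idx, first_arg) \
    __attribute__((format(printf, fmt_idx, first_arg)))
#else
#define LOG_DEPRECATED(msg)
#define LOG_PRINTF_LIKE(fmt_idx, first_arg)
#endif

/* Bounded variant: always NUL-terminates when size > 0 and returns the
 * length the full string would have needed, so callers can detect
 * truncation with (ret >= size). The format attribute lets the compiler
 * verify the argument types against fmt. */
LOG_PRINTF_LIKE(3, 4)
int log_snprintf(char *buf, size_t size, const char *fmt, ...)
{
    va_list ap;
    int n;
    va_start(ap, fmt);
    n = vsnprintf(buf, size, fmt, ap);
    va_end(ap);
    return n;
}

/* Unbounded legacy variant: every remaining caller gets a compiler
 * warning pointing at the bounded replacement; with -Werror the build fails. */
LOG_DEPRECATED("unbounded; use log_snprintf")
LOG_PRINTF_LIKE(2, 3)
int log_sprintf(char *buf, const char *fmt, ...);

/* Demonstration: a 32-character message formatted into a 16-byte buffer
 * is cut short safely instead of overflowing. The constructed sample
 * input below is hypothetical. */
static char demo_buf[16];
int demo_needed = 0;   /* length the message would have required */

const char *demo_truncation(void)
{
    demo_needed = log_snprintf(demo_buf, sizeof demo_buf,
                               "sensor %s reading=%d", "temperature", 12345);
    return demo_buf;   /* "sensor temperat", NUL-terminated */
}

int main(void)
{
    const char *s = demo_truncation();
    printf("%s (needed %d, got %zu)\n", s, demo_needed, strlen(s));
    return demo_needed >= (int)sizeof demo_buf ? 0 : 1;
}
```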