Home > mailing lists

Re: Fixes for compiler warnings - Mailing list pgsql-hackers

From	Peter Eisentraut
Subject	Re: Fixes for compiler warnings
Date	January 18, 2009 19:16:31
Msg-id	200901182216.24364.peter_e@gmx.net Whole thread Raw
In response to	Re: Fixes for compiler warnings (Grzegorz Jaskiewicz <gj@pointblue.com.pl>)
List	pgsql-hackers

Tree view

On Sunday 18 January 2009 12:43:46 Grzegorz Jaskiewicz wrote:
> > -Wformat-security warns about
> >
> >    printf(var);
> >
> > but not about
> >
> >    printf(var, a);
> >
> > I don't understand that; the crash or exploit potential is pretty
> > much the
> > same in both cases.
>
> not at all. First case allows you to pass in var from outside, with
> your, well crafted format strings. Please read more about subject,
> before you say something that silly.

If your premise is that var is passed in from the outside, then the real issue 
is the %n placeholder.  And then it doesn't matter how many variadic args you 
pass.

pgsql-hackers by date:

From: Peter Eisentraut
Date: 18 January 2009, 18:51:32
Subject: Re: Fixes for compiler warnings

From: Andrew Chernow
Date: 18 January 2009, 19:20:26
Subject: Re: libpq WSACleanup is not needed

Re: Fixes for compiler warnings - Mailing list pgsql-hackers

Previous

Next