Home > mailing lists

Re: Fixes for compiler warnings - Mailing list pgsql-hackers

From	Grzegorz Jaskiewicz
Subject	Re: Fixes for compiler warnings
Date	January 18, 2009 09:44:10
Msg-id	C51B6AFA-9588-4823-80CD-53C5BD7AD88A@pointblue.com.pl Whole thread Raw
In response to	Re: Fixes for compiler warnings (Peter Eisentraut <peter_e@gmx.net>)
Responses	Re: Fixes for compiler warnings (Heikki Linnakangas <heikki.linnakangas@enterprisedb.com>) Re: Fixes for compiler warnings (Peter Eisentraut <peter_e@gmx.net>)
List	pgsql-hackers

Tree view

On 2009-01-18, at 09:56, Peter Eisentraut wrote:

> On Sunday 18 January 2009 08:28:51 Tom Lane wrote:
>> Yeah, the risk this is trying to guard against is variables  
>> containing
>> "%" unexpectedly.  Even if that's not possible, it requires some work
>> to verify and it's a bit fragile.  I didn't look at the specific  
>> cases
>> yet but in general I think this is a good policy.
>
> -Wformat-security warns about
>
>    printf(var);
>
> but not about
>
>    printf(var, a);
>
> I don't understand that; the crash or exploit potential is pretty  
> much the
> same in both cases.
not at all. First case allows you to pass in var from outside, with  
your, well crafted format strings. Please read more about subject,  
before you say something that silly.

pgsql-hackers by date:

From: alanwli@gmail.com
Date: 18 January 2009, 09:34:44
Subject: Re: Fixes for compiler warnings

From: alanwli@gmail.com
Date: 18 January 2009, 09:47:34
Subject: Re: Fixes for compiler warnings

Re: Fixes for compiler warnings - Mailing list pgsql-hackers

Previous

Next