Re: FTBFS if "-Werror=format-security" flag is used

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Mon, 2013-12-09 at 15:59 -0700, Rich Megginson wrote:
> On 12/09/2013 03:33 PM, Przemek Klosowski wrote:
> 
> > On 12/06/2013 09:21 AM, Ralf Corsepius wrote:
> > 
> > > 
> > > printf(string) is legitimate C, forcing "printf("%s", string) is
> > > just silly. 
> > > 
> > My apologies for being repetitive, but the original point is that
> > printf(string) is insecure unless you can guarantee that you control
> > 'string' now and forever. Also,  %s is the format for printing
> > strings, so I just can't agree that coding printf("%s", string) is
> > silly. 
> 
> Silly is not the right word.  printf("%s", string) is inefficient.  In
> this case, it would be better to use puts/fputs.
> 
unless something has  changed recently fputs and puts just like gets and
fgets have been deprecated and are discouraged due to potential security
issues.


> > 
> > 
> 



-- 
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct





[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]
  Powered by Linux