| From: | Jeroen Vermeulen <jtv(at)xs4all(dot)nl> |
|---|---|
| To: | Peter Eisentraut <peter_e(at)gmx(dot)net> |
| Cc: | pgsql-hackers(at)postgresql(dot)org, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Gregory Stark <stark(at)enterprisedb(dot)com>, Alan Li <alanwli(at)gmail(dot)com> |
| Subject: | Re: Fixes for compiler warnings |
| Date: | 2009-01-20 16:01:19 |
| Message-ID: | 4975F54F.4000703@xs4all.nl |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Peter Eisentraut wrote:
> -Wformat-security warns about
>
> printf(var);
>
> but not about
>
> printf(var, a);
>
> I don't understand that; the crash or exploit potential is pretty much the
> same in both cases.
Not sure this is the reason, but in the first case any risk is trivially
avoided by using puts() or printf("%s", var) instead. So printf(var) is
almost certainly not what you mean.
I think that's a reasonable warning to have enabled, whereas the other
one is more of a "try it sometime, you might find something" kind of
warning.
Jeroen
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Merlin Moncure | 2009-01-20 16:09:51 | Re: is 8.4 array_agg() supposed to work with array values? |
| Previous Message | Bruce Momjian | 2009-01-20 15:44:06 | Re: FWD: Re: Updated backslash consistency patch |