From: | Jeroen Vermeulen <jtv(at)xs4all(dot)nl> |
---|---|
To: | Peter Eisentraut <peter_e(at)gmx(dot)net> |
Cc: | pgsql-hackers(at)postgresql(dot)org, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Gregory Stark <stark(at)enterprisedb(dot)com>, Alan Li <alanwli(at)gmail(dot)com> |
Subject: | Re: Fixes for compiler warnings |
Date: | 2009-01-20 16:01:19 |
Message-ID: | 4975F54F.4000703@xs4all.nl |
Lists: | pgsql-hackers |

Peter Eisentraut wrote:
> -Wformat-security warns about
>
> printf(var);
>
> but not about
>
> printf(var, a);
>
> I don't understand that; the crash or exploit potential is pretty much the
> same in both cases.

Not sure this is the reason, but in the first case any risk is trivially
avoided by using puts() or printf("%s", var) instead. So printf(var) is
almost certainly not what you mean.

I think that's a reasonable warning to have enabled, whereas the other
one is more of a "try it sometime, you might find something" kind of
warning.

Jeroen
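
Added example, not part of the original message or of the PostgreSQL sources: the printf("%s", var) replacement named above, next to a variadic wrapper that carries the GCC/Clang format attribute so that -Wformat-security checks its callers the way it checks printf(). The function names and the sample string are constructed for illustration.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: treat untrusted text as data, never as a format.
 * Returns 0 on success, -1 on error or truncation. */
static int render_literal(char *buf, size_t len, const char *untrusted)
{
    int n = snprintf(buf, len, "%s", untrusted);
    return (n < 0 || (size_t)n >= len) ? -1 : 0;
}

/* Hypothetical variadic wrapper. The format attribute tells GCC/Clang that
 * argument 3 is a printf-style format, so -Wformat and -Wformat-security
 * check its callers the same way they check printf(). */
__attribute__((format(printf, 3, 4)))
static int render_fmt(char *buf, size_t len, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(buf, len, fmt, ap);
    va_end(ap);
    return (n < 0 || (size_t)n >= len) ? -1 : 0;
}

/* Returns 1 if both safe forms reproduce the input byte for byte. */
static int roundtrip_ok(const char *untrusted)
{
    char a[128], b[128];
    /* render_fmt(a, sizeof a, untrusted);  <- flagged by -Wformat-security */
    if (render_literal(a, sizeof a, untrusted) != 0)
        return 0;
    if (render_fmt(b, sizeof b, "%s", untrusted) != 0)
        return 0;
    return strcmp(a, untrusted) == 0 && strcmp(b, untrusted) == 0;
}

int main(void)
{
    /* Constructed sample: conversion specifiers arriving as data. */
    const char *sample = "50% off %s %x %n";
    printf("%s -> %s\n", sample, roundtrip_ok(sample) ? "preserved" : "altered");
    return 0;
}
```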