[cfe-commits] [PATCH] Remove security warning for use of '%n' specifier in format string literals

Matt Beaumont-Gay matthewbg at google.com
Mon Jul 30 11:28:33 PDT 2012


Following on Hans's r160966...

Clang currently warns about any use of the '%n' format specifier:
test.cc:5:14: warning: use of '%n' in format string discouraged
(potentially insecure) [-Wformat-security]
  printf("%d%n", i, &n);
            ~^

While '%n' can be used for evil in an attacker-controlled format
string, there isn't any acute danger in using it in a literal format
string with an argument of the appropriate type. (If preceding format
arguments are derived from untrusted input, then the value written to
the '%n' argument can be somewhat controlled by an attacker, but this
is no worse than any other means by which a program may set a variable
based on untrusted input.) This patch removes the blanket warning for
any use of '%n'; misuses of it, e.g. passing the wrong argument type,
will be caught by the functionality that Hans just added.

-Matt
-------------- next part --------------
A non-text attachment was scrubbed...
Name: remove-n-specifier-check.patch
Type: application/octet-stream
Size: 6167 bytes
Desc: not available
URL: <http://lists.llvm.org/pipermail/cfe-commits/attachments/20120730/4bb9c218/attachment.obj>


More information about the cfe-commits mailing list