[cfe-commits] [PATCH] Remove security warning for use of '%n' specifier in format string literals
matthewbg at google.com
Mon Jul 30 11:28:33 PDT 2012
Following on Hans's r160966...
Clang currently warns about any use of the '%n' format specifier:
test.cc:5:14: warning: use of '%n' in format string discouraged
(potentially insecure) [-Wformat-security]
printf("%d%n", i, &n);
While '%n' can be used for evil in an attacker-controlled format
string, there isn't any acute danger in using it in a literal format
string with an argument of the appropriate type. (If preceding format
arguments are derived from untrusted input, then the value written to
the '%n' argument can be somewhat controlled by an attacker, but this
is no worse than any other means by which a program may set a variable
based on untrusted input.) This patch removes the blanket warning for
any use of '%n'; misuses of it, e.g. passing the wrong argument type,
will be caught by the functionality that Hans just added.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 6167 bytes
Desc: not available
More information about the cfe-commits