[cfe-commits] [PATCH] Remove security warning for use of '%n' specifier in format string literals

Ted Kremenek kremenek at apple.com
Thu Aug 2 10:28:21 PDT 2012

Sorry for the delay in seeing this.  I'm fine with this change.  The main issues with %n occur with a non-constant format string, and as long as our other format string checking catches unintended misuses of %n, I'm happy.

On Jul 30, 2012, at 11:28 AM, Matt Beaumont-Gay <matthewbg at google.com> wrote:

> Following on Hans's r160966...
> Clang currently warns about any use of the '%n' format specifier:
> test.cc:5:14: warning: use of '%n' in format string discouraged
> (potentially insecure) [-Wformat-security]
>  printf("%d%n", i, &n);
>            ~^
> While '%n' can be used for evil in an attacker-controlled format
> string, there isn't any acute danger in using it in a literal format
> string with an argument of the appropriate type. (If preceding format
> arguments are derived from untrusted input, then the value written to
> the '%n' argument can be somewhat controlled by an attacker, but this
> is no worse than any other means by which a program may set a variable
> based on untrusted input.) This patch removes the blanket warning for
> any use of '%n'; misuses of it, e.g. passing the wrong argument type,
> will be caught by the functionality that Hans just added.
> -Matt
> <remove-n-specifier-check.patch>_______________________________________________
> cfe-commits mailing list
> cfe-commits at cs.uiuc.edu
> http://lists.cs.uiuc.edu/mailman/listinfo/cfe-commits

More information about the cfe-commits mailing list