[cfe-commits] [PATCH] Remove security warning for use of '%n' specifier in format string literals

Florian Weimer fweimer at redhat.com
Fri Aug 3 07:21:43 PDT 2012

On 07/30/2012 08:28 PM, Matt Beaumont-Gay wrote:
> Following on Hans's r160966...
> Clang currently warns about any use of the '%n' format specifier:
> test.cc:5:14: warning: use of '%n' in format string discouraged
> (potentially insecure) [-Wformat-security]
>    printf("%d%n", i, &n);
>              ~^
> While '%n' can be used for evil in an attacker-controlled format
> string, there isn't any acute danger in using it in a literal format
> string with an argument of the appropriate type.

printf which honors format strings is potentially insecure, and as long 
as there are users out there, you cannot remove %n support.

It is possible to check if the format string is located in read-only 
memory as soon as a %n specifier is encountered, but I'm not sure if it 
is feasible to implement this everywhere.

Florian Weimer / Red Hat Product Security Team

More information about the cfe-commits mailing list