[cfe-commits] [PATCH] Remove security warning for use of '%n' specifier in format string literals
fweimer at redhat.com
Fri Aug 3 07:21:43 PDT 2012
On 07/30/2012 08:28 PM, Matt Beaumont-Gay wrote:
> Following on Hans's r160966...
> Clang currently warns about any use of the '%n' format specifier:
> test.cc:5:14: warning: use of '%n' in format string discouraged
> (potentially insecure) [-Wformat-security]
> printf("%d%n", i, &n);
> While '%n' can be used for evil in an attacker-controlled format
> string, there isn't any acute danger in using it in a literal format
> string with an argument of the appropriate type.
printf which honors format strings is potentially insecure, and as long
as there are users out there, you cannot remove %n support.
It is possible to check if the format string is located in read-only
memory as soon as a %n specifier is encountered, but I'm not sure if it
is feasible to implement this everywhere.
Florian Weimer / Red Hat Product Security Team
More information about the cfe-commits