[cfe-dev] [RFC] Adding warnings against usage of %n

Arthur O'Dwyer via cfe-dev cfe-dev at lists.llvm.org
Mon Nov 8 08:10:23 PST 2021


On Mon, Nov 8, 2021 at 7:03 AM Aaron Ballman via cfe-dev <cfe-dev at lists.llvm.org> wrote:

> On Sun, Nov 7, 2021 at 10:26 AM Jayson Yan via cfe-dev <cfe-dev at lists.llvm.org> wrote:
> >
> > We’re interested in warning against the usage of the “%n” format string
> > specifier to discourage developers from using this potentially unsafe
> > format specifier.
>
> Potentially unsafe in what way? As mentioned on the ongoing code
> review for this topic (https://reviews.llvm.org/D110436), use of `%n`
> by itself is not unsafe. What is unsafe is when the format string
> itself is what's under attacker control so they can insert their own
> `%n` unbeknownst to the programmer, but that is a much harder problem
> to diagnose because there are legitimate cases for having a
> non-literal format specifier.
>

...and Clang already has a diagnostic for non-literal format specifiers.
+1 to everything Aaron has said here, which we've also said over on
https://reviews.llvm.org/D110436.

–Arthur
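
The distinction drawn in this thread, as an added example that is not code from the thread or from D110436: `%n` inside a literal format string writes only where the programmer directs, while untrusted text stays harmless when it is passed as data to a literal `"%s"`. The function names are hypothetical, and `format_has_percent_n` is an assumed check for formats that cannot be literals; it detects only `%n`, not other mismatched conversions.

```c
#include <stdio.h>
#include <string.h>

/* Literal format: the programmer decides where %n stores its count.
   Returns the column at which the value starts in "key = value". */
int value_column(const char *key, const char *value, char *out, size_t outsz)
{
    int col = -1;
    snprintf(out, outsz, "%s = %n%s", key, &col, value);
    return col;
}

/* Untrusted text is passed as data to a literal "%s", so any "%n" in it
   is copied as plain characters and never interpreted. */
int emit_untrusted(const char *text, char *out, size_t outsz)
{
    return snprintf(out, outsz, "%s", text);
}

/* Check for a format string that cannot be a literal (hypothetical use:
   a template loaded at run time). Returns 1 if it contains a %n
   conversion, 0 otherwise; "%%" is a literal percent sign. */
int format_has_percent_n(const char *fmt)
{
    for (const char *p = fmt; *p; p++) {
        if (*p != '%')
            continue;
        p++;
        if (*p == '%')
            continue;
        /* Skip flags, width, precision, positional index, length modifiers. */
        p += strspn(p, "-+ #'0123456789.*$hlLjzt");
        if (*p == 'n')
            return 1;
        if (*p == '\0')
            break;
    }
    return 0;
}

int main(void)
{
    char buf[64];
    int col = value_column("user", "alice", buf, sizeof buf);
    printf("%s (value starts at column %d)\n", buf, col);
    emit_untrusted("%n%n", buf, sizeof buf);   /* constructed input */
    printf("%s -> has %%n: %d\n", buf, format_has_percent_n(buf));
    return 0;
}
```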