bernd.luevelsmeyerHEITEC.NET

• Next message: Vincent Danen: "BitchX update"
• Previous message: Adam McKenna: "Re: ftpd and setproctitle()"
• In reply to: D. J. Bernstein: "Re: ftpd and setproctitle()"
• Next in thread: Firstname Lastname: "Re: ftpd and setproctitle()"
• Next in thread: Pavel Kankovsky: "Re: ftpd and setproctitle()"
• Next in thread: Roger Espel Llima: "Re: ftpd and setproctitle()"
• Reply: Bernd Luevelsmeyer: "Re: ftpd and setproctitle()"
• Reply: Firstname Lastname: "Re: ftpd and setproctitle()"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

D. J. Bernstein wrote:
[...]
> The solution is to eliminate the interface. Design a new interface that
> doesn't encourage bugs. Then make sure that everyone switches to the new
> interface. Advertise the new interface. Make the old interface more and
> more difficult to use. Move gets() to /usr/lib/libbugpronestandards.a.
[...]

For this class of bugs, shouldn't it be possible to modify the compiler
so it will flag any occurrence of a non-constant format string in
printf()-like functions? I mean, an optional warning if the compiler
can't determine the format string's contents at compile time.
GCC has -Wformat already, which might be upgradeable; and there's
__attribute__((format)) to mark printf-like functions.
Even if user-written functions are not marked with the __attribute__,
calls to functions in the compiler's library could at least be checked.

• Next message: Vincent Danen: "BitchX update"
• Previous message: Adam McKenna: "Re: ftpd and setproctitle()"
• In reply to: D. J. Bernstein: "Re: ftpd and setproctitle()"
• Next in thread: Firstname Lastname: "Re: ftpd and setproctitle()"
• Next in thread: Pavel Kankovsky: "Re: ftpd and setproctitle()"
• Next in thread: Roger Espel Llima: "Re: ftpd and setproctitle()"
• Reply: Bernd Luevelsmeyer: "Re: ftpd and setproctitle()"
• Reply: Firstname Lastname: "Re: ftpd and setproctitle()"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]