Subject: Re: StackGuard with ... Re: [Paper] Format bugs.
From: Morten Welinder (terraDIKU.DK)
Date: Mon Jul 24 2000 - 12:48:34 CDT


mixter2xs.co.il wrote:

> It is a bad idea to have any format functions accept format
> strings that aren't hard coded at compile time. All these
> functions need to have one format argument at one location,
> which definitely needs to be a hard-coded string, (using and
> enforcing const). Per definition, it is arguably possible to
> supply variable format strings in a program, but it is
> rarely practically used, and it shouldn't be practically
> used. At least, when supplying any format function a
> non-constant format argument, the compiler should spit out a
> big warning, and it should do that by default without
> warnings enabled.

As a guesstimate, three out of four format strings in newer GNU
programs are non-constant. That hardly qualifies as rare. I think
you forgot about internationalisation.

Here's a sample from Gnumeric:

    s = g_strdup_printf (
          _("Workbook %s has unsaved changes, save them?"),
          g_basename (wb->filename));

(Which reminds me: I sure hope that the language files cannot be
controlled by a malicious user. That would allow putting extra
%-escapes into just about any format string. Ugh.)

Morten
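
The concern in the closing parenthesis can be checked at run time. The sketch below is an added example, not code from Gnumeric or from this post: it accepts a catalog string only when its conversions match those of the compiled-in msgid. `fmt_signature` and `safe_translation` are hypothetical names, and rejecting `%n` and positional `%1$s` forms outright is a simplifying assumption, since real translations may legitimately reorder arguments.

```c
#include <stdio.h>
#include <string.h>

/* Append one byte to the signature buffer, failing when it is full. */
#define PUT(c) do { if (n + 1 >= cap) return -1; sig[n++] = (c); } while (0)

/* Record which arguments fmt consumes, e.g. "%s: %ld" -> "s,ld,".
 * Returns -1 for %n, positional (n$) or malformed conversions. */
static int fmt_signature(const char *fmt, char *sig, size_t cap)
{
    size_t n = 0;
    if (cap == 0) return -1;
    for (const char *p = fmt; *p; p++) {
        if (*p != '%') continue;
        if (*++p == '%') continue;                  /* "%%" takes no argument */
        while (*p && strchr("-+ #0123456789.*", *p)) {
            if (*p == '*') PUT('*');                /* width/precision from an int argument */
            p++;
        }
        while (*p && strchr("hlqjztL", *p)) PUT(*p++);   /* length modifiers */
        if (!*p || !strchr("diouxXeEfFgGaAcsp", *p)) return -1;
        PUT(*p);
        PUT(',');
    }
    sig[n] = '\0';
    return 0;
}

/* Use the catalog string only if it consumes exactly the arguments msgid does. */
const char *safe_translation(const char *msgid, const char *translated)
{
    char want[128], got[128];
    if (fmt_signature(msgid, want, sizeof want) != 0 ||
        fmt_signature(translated, got, sizeof got) != 0 ||
        strcmp(want, got) != 0)
        return msgid;                               /* fall back to the compiled-in string */
    return translated;
}

int main(void)
{
    const char *id = "Workbook %s has unsaved changes, save them?";
    /* Constructed catalog entries: one honest, one with extra %-escapes. */
    const char *ok  = "Arbejdsbogen %s er ikke gemt, gem den?";
    const char *bad = "Arbejdsbogen %s %x %x %n";
    printf(safe_translation(id, ok), "budget.gnumeric");  puts("");
    printf(safe_translation(id, bad), "budget.gnumeric"); puts("");
    return 0;
}
```

GNU gettext's `msgfmt --check-format` performs a comparable comparison when catalogs are compiled, but that does not help if the installed catalog file itself can be replaced.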