From: James Antill (james@and.org)
Date: Wed May 30 2001 - 11:35:42 CDT

Horst von Brand <vonbrand@inf.utfsm.cl> writes:
> James Antill <james@and.org> said:
>
> [...]
>
> > The number will possibly be low, but each incident will probably be
> > serious. I'm also not sure which version of gcc you're talking about,
> > I'd heard that people were trying to get something in for gcc-3.0 but
> > as far as I know it wouldn't be anything that would warn on one of the
> > following cases...
> >
> > 1.
> >
> > const char *tmp = /* blah */;
> > printf(tmp);
>
> This is a way printf(3) is rarely used.
Yes, it's usually a bug but yes those bugs are usually very bad
security wise.
It is also the only thing that FormatGuard protects against, are we
having different conversations?
--
# James Antill -- james@and.org
:0:
* ^From: .*james@and\.org
/dev/null
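
The `printf(tmp)` case quoted above, with the kind of argument-count check FormatGuard applies to it, as an added example that is not part of the original post and is not FormatGuard's own code. The function names are hypothetical, and the supplied-argument count is passed explicitly here, whereas FormatGuard derives it with preprocessor macros.

```c
#include <stdio.h>
#include <string.h>
#include <ctype.h>

/* Number of variadic arguments a printf-style format will consume.
 * "%%" consumes none; each '*' width or precision consumes one int.
 * Simplification: positional "%n$" directives are not handled. */
int count_format_args(const char *fmt)
{
    int n = 0;
    for (const char *p = fmt; *p; p++) {
        if (*p != '%')
            continue;
        p++;
        if (*p == '%')
            continue;                               /* literal percent */
        while (*p && strchr("-+ #0", *p)) p++;      /* flags */
        if (*p == '*') { n++; p++; }                /* width taken from args */
        else while (isdigit((unsigned char)*p)) p++;
        if (*p == '.') {                            /* precision */
            p++;
            if (*p == '*') { n++; p++; }
            else while (isdigit((unsigned char)*p)) p++;
        }
        while (*p && strchr("hlqLjzt", *p)) p++;    /* length modifiers */
        if (*p == '\0')
            break;                                  /* truncated directive */
        n++;                                        /* the conversion itself */
    }
    return n;
}

/* 1 if the format asks for no more arguments than the caller supplied. */
int format_is_safe(const char *fmt, int supplied)
{
    return count_format_args(fmt) <= supplied;
}

/* The fix for case 1: treat the string as data, never as the format. */
int print_untrusted(FILE *out, const char *tmp)
{
    return fprintf(out, "%s", tmp);
}

int main(void)
{
    const char *tmp = "%x%x%x%n";   /* constructed hostile input */
    printf("printf(tmp) safe with 0 args? %d\n", format_is_safe(tmp, 0));
    print_untrusted(stdout, tmp);
    putchar('\n');
    return 0;
}
```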