[Bug-tar] Format-string warnings in 1.26
From: Daniel Macks
Subject: [Bug-tar] Format-string warnings in 1.26
Date: Thu, 28 Jul 2011 10:44:38 -0400
User-agent: Webmail 6.0

Building tar-1.26 on OS X 10.6, gcc gives a bunch of "format not a string
literal and no format arguments" warnings. They arise from various functions
and macro calls and such, but the key trigger is that anything similar to:
    printf(foo);
is considered a potential security risk if foo is a variable rather than a
simple quoted string. The solution is to do:
    printf("%s", foo);
I don't know anything about tar's internals to know if the cases here are just
several layers of wrapper functions that actually do things safely (but confuse
the compiler) but I could do a naive patch to get started clearing them if it
would be useful.
dan
--
Daniel Macks
address@hidden
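
The fix described in the message above, applied to a printf-style wrapper of the kind the message speculates about. This is an added example, not part of the original post and not code from tar; `log_msg`, `log_name` and the sample member name are hypothetical.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* printf-style wrapper. The format attribute (GCC/Clang) marks argument 3 as
   the format string and argument 4 as the first variadic argument, so the
   compiler checks callers of the wrapper the same way it checks printf. */
#if defined(__GNUC__)
__attribute__((format(printf, 3, 4)))
#endif
static int log_msg(char *out, size_t outlen, const char *fmt, ...)
{
    va_list ap;
    int n;

    va_start(ap, fmt);
    n = vsnprintf(out, outlen, fmt, ap);   /* bounded, always NUL-terminated */
    va_end(ap);
    return n;                              /* length the full output needs */
}

/* Caller that logs a string it does not control (for example a file name). */
static int log_name(char *out, size_t outlen, const char *name)
{
#ifdef SHOW_WARNING
    /* Pattern from the report: a variable used as the format. Building with
       -DSHOW_WARNING -Wformat -Wformat-security reproduces the diagnostic. */
    return log_msg(out, outlen, name);
#else
    /* Fix from the report: constant format, the variable is only data. */
    return log_msg(out, outlen, "%s", name);
#endif
}

int main(void)
{
    /* Constructed sample: a name that happens to contain conversion specifiers. */
    const char *name = "backup-100%s-%n.tar";
    char buf[64];
    int n = log_name(buf, sizeof buf, name);

    printf("%d bytes: %s\n", n, buf);
    return strcmp(buf, name) != 0;         /* 0 when the name came out verbatim */
}
```

With the attribute in place, the compiler can tell a wrapper call that really passes a variable as the format from one that only looks suspicious because the literal is several calls away.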