Paul Eggert <[email protected]> wrote:

> On 07/28/11 07:44, Daniel Macks wrote:
> > printf(foo);
> >
> > is considered a potential security risk if foo is a variable rather than a
> > simple quoted string. The solution is to do:
> >
> > printf("%s", foo);
>
> I'm afraid this bug report is rather vague; without knowing the
> details of which printf call we're talking about, there's not
> much we can do. Certainly there are some calls to printf-like
> functions where the above transformation would break things,
> as FOO is supposed to be a format.
GCC's warnings in general are not well based; maybe this was a warning from GCC. I am not sure where I did see something like this, but I remember that I've seen such format warnings when the format string was not a string constant but a variable.

Jörg

--
 EMail:[email protected] (home) Jörg Schilling D-13353 Berlin
       [email protected] (uni)
       [email protected] (work) Blog: http://schily.blogspot.com/
 URL:  http://cdrecord.berlios.de/private/ ftp://ftp.berlios.de/pub/schily
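As an added illustration of the three positions in this thread (example code written for this page, not code from the thread or from any project it discusses): the non-literal format call Daniel objects to, the `"%s"` form he proposes, and the printf-like wrapper Paul describes, annotated so that the GCC format warning Jörg recalls (`-Wformat-security`) also reaches the wrapper's callers. The sample message and the function names are constructed for the example.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample: text that arrives from outside the program and
 * happens to contain a '%'. It uses only "%%" so that the unsafe call
 * below is still well defined; a "%s" or "%n" in it would not be. */
static const char SAMPLE_MSG[] = "progress: 50%%";

/* The form the bug report objects to: the message itself is the format,
 * so every '%' directive in it is interpreted rather than copied.
 * gcc -Wformat -Wformat-security warns on this call. */
int render_unsafe(char *out, size_t n, const char *msg)
{
    return snprintf(out, n, msg);
}

/* The transformation the report proposes: the format is a constant and
 * the message is an argument, so '%' in msg is copied verbatim. */
int render_safe(char *out, size_t n, const char *msg)
{
    return snprintf(out, n, "%s", msg);
}

/* Paul Eggert's exception: a printf-like wrapper whose parameter really
 * is a format. Inserting "%s" here would break every caller. The fix is
 * the format attribute (parameter 3 is the format, arguments start at 4):
 * GCC then checks the wrapper's callers exactly as it checks printf, and
 * -Wformat-security flags a non-literal format passed to it. */
__attribute__((format(printf, 3, 4)))
int render_fmt(char *out, size_t n, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int len = vsnprintf(out, n, fmt, ap);
    va_end(ap);
    return len;
}

/* Renders the sample both ways; returns 1 when the results differ, i.e.
 * when the unsafe call interpreted the message instead of copying it. */
int sample_is_interpreted(void)
{
    char unsafe[64], safe[64];
    render_unsafe(unsafe, sizeof unsafe, SAMPLE_MSG);  /* "progress: 50%"  */
    render_safe(safe, sizeof safe, SAMPLE_MSG);        /* "progress: 50%%" */
    return strcmp(unsafe, safe) != 0;
}

/* The wrapper used as intended, with a literal format; returns the length. */
int sample_wrapper_length(void)
{
    char buf[64];
    return render_fmt(buf, sizeof buf, "%s: %d%%", "progress", 50);
}
```

Compiling with `gcc -Wall -Wformat -Wformat-security` reports the non-literal format in `render_unsafe` and, because of the attribute, would report a caller that passed a variable to `render_fmt` as well.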
