On 2013-12-18 15:13, Dmitry Samersoff wrote:
> Mike,
> 1. I'm not sure -Wformat-security has any value for us - it checks for case
> printf(string) with no extra arguments,
> as it can cause buffer overrun if string comes from untrusted source.

Actually, it checks functions tagged as "format" functions. If you have
your own implementation with a "printf-style" syntax (typically some
kind of pre-/post-processing around sprintf etc), you can tag these
functions as well, using e.g.
__attribute__ ((format (printf, 2, 3)));
The best way to do this is to define a macro that expands to such an
attribute definition on gcc, and empty for other compilers.
I have personally found this to be a great tool for catching format
errors. It does require some initial effort of finding and tagging the
"printf-style" functions, but then all uses of these are checked.
I do not know, however, if this is applicable to the jdk.
/Magnus
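
The macro approach described in the message above, as an added example that is not part of the original e-mail or of the jdk sources. `ATTRIBUTE_PRINTF`, `log_prefixed` and `demo` are hypothetical names, and the input string is constructed.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Expands to the format attribute on gcc-compatible compilers, empty elsewhere. */
#if defined(__GNUC__)
#define ATTRIBUTE_PRINTF(fmt_idx, first_arg) \
    __attribute__((format(printf, fmt_idx, first_arg)))
#else
#define ATTRIBUTE_PRINTF(fmt_idx, first_arg)
#endif

/* Hypothetical printf-style wrapper: parameter 3 is the format string,
 * the variadic arguments start at parameter 4. */
int log_prefixed(char *out, size_t outlen, const char *fmt, ...)
    ATTRIBUTE_PRINTF(3, 4);

int log_prefixed(char *out, size_t outlen, const char *fmt, ...)
{
    static const char prefix[] = "[log] ";
    const size_t plen = sizeof prefix - 1;
    va_list ap;
    int n;

    if (outlen <= plen)
        return -1;                       /* no room for prefix plus NUL */
    memcpy(out, prefix, plen);

    va_start(ap, fmt);
    n = vsnprintf(out + plen, outlen - plen, fmt, ap);
    va_end(ap);
    if (n < 0 || (size_t)n >= outlen - plen)
        return -1;                       /* encoding error or truncation */
    return (int)plen + n;                /* characters written, without NUL */
}

/* Externally supplied text is passed as data for "%s", never as the format. */
int demo(char *out, size_t outlen)
{
    const char *untrusted = "100%s done %n";   /* constructed sample input */
    /* With the attribute in place, gcc checks calls to the wrapper too:
     *   log_prefixed(out, outlen, untrusted);        -Wformat-security warns
     *   log_prefixed(out, outlen, "%d", untrusted);  -Wformat warns          */
    return log_prefixed(out, outlen, "%s", untrusted);
}

int main(void)
{
    char buf[64];
    if (demo(buf, sizeof buf) > 0)
        puts(buf);
    return 0;
}
```
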