On Sat, 2009-10-24 at 17:21 +0200, Denys Vlasenko wrote:
> There should be a way to shut up gcc in these places only
> instead of pessimizing the code. At least I hope so.
I've not done any measurements, but it seems reasonable to me that the
("%s", string) form would be at least as efficient, if not moreso.
Consider: if you pass the string as the first argument then
bb_error_msg() needs to search the entirety of the string checking each
character to see if it's special and handling it appropriately.
If you use "%s" as the format, then immediately bb_error_msg() can see
that it takes the next argument as a whole, without needing to process
or interpret it in any way: just a strcpy() or whatever.
Obviously you have to weigh that against the extra time needed to set up
another argument in the call stack or whatever.
IMO this is an excellent warning by gcc: there have been way too many
security problems caused by people thinking there's no way THAT string
could ever have formatting characters in it. If it were me I would (and
have done in my code) just go ahead and add the initial "%s". It's clear
what it means, it's no less efficient, it's a good reminder as to how
the function is supposed to be used, and it's safer, just in case
something changes in the future and/or those strings are NOT as
well-formed as you think.
Anyway, that's my $0.02.
_______________________________________________
busybox mailing list
[email protected]
http://lists.busybox.net/mailman/listinfo/busybox
