On Sun, Feb 13, 2011 at 9:18 PM, Gilles Espinasse <[email protected]> wrote:
>
> ----- Original Message -----
> From: "Denys Vlasenko" <[email protected]>
> To: <[email protected]>
> Cc: "Gilles Espinasse" <[email protected]>; <[email protected]>
> Sent: Sunday, February 13, 2011 6:31 PM
> Subject: Re: about gcc warnings
>
>
>> On Sunday 13 February 2011 14:24, Gilles Espinasse wrote:
>> >
>> > ----- Original Message -----
>> > From: <[email protected]>
>> > To: <[email protected]>
>> > Sent: Sunday, February 13, 2011 1:39 PM
>> > Subject: about gcc warnings
>> >
>> >
>> > > In busybox there are a lot of compile warnings like:
>> > > networking/wget.c:365: warning: format not a string literal and no
>> > > format arguments
>> > >
>> > > are these warnings wanted for some reason?
>>
>> I don't get any such warnings.
>>
> I was thinking that warning was related to gcc fortify. But no, this is a
> gcc warning
>
>> > Should only be rusting code
>> > This sort of warning is not present in 1.17.3.
>
> My error, I didn't see this warning because I didn't have -Wformat-security
>
>> But this just increases code size for no benefit.
>
> gcc-4.4.5 manual say
> If -Wformat is specified, also warn about uses of format functions that
> represent possible security problems. At present, this warns about calls to
> printf and scanf functions where the format string is not a string literal
> and there are no format arguments, as in printf (foo);. This may be a
> security hole if the format string came from untrusted input and contains
> `%n'. (This is currently a subset of what -Wformat-nonliteral warns about,
> but in future warnings may be added to -Wformat-security that are not
> included in -Wformat-nonliteral.)
>

AFAICS inputs used are always trusted
e.g. libbb/messages.c:const char bb_msg_memory_exhausted[] ALIGN1 = "out of memory";
but sounds like a good practice to follow

> I have seen this size increase changing mount (bb-1.17.4) 6 warnings
> root:/usr/src/busybox-1.17.4$ make bloatcheck
> function                                             old     new   delta
> singlemount                                          680     693     +13
> mount_it_now                                         178     185      +7
> ------------------------------------------------------------------------------
> (add/remove: 0/0 grow/shrink: 2/0 up/down: 20/0)               Total: 20 bytes
>    text    data     bss     dec     hex filename
>  293400    3253    8648  305301   4a895 busybox_old
>  293420    3253    8648  305321   4a8a9 busybox_unstripped
>

Well, I think there are more than 6 in trunk

~/dev/busybox$ grep -R 'msg(bb_msg' * | wc -l
12
~/dev/busybox$ grep -R 'die(bb_msg' * | wc -l
70

>
> Gilles
>
>
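
The difference the quoted gcc manual text describes, as an added example that is not part of the original thread and not BusyBox code: log_msg(), msg_as_format() and msg_as_data() are hypothetical names standing in for a printf-style helper and its two calling styles. The constructed input uses "%%", a conversion that is interpreted but consumes no argument, so both calls are well defined.

```c
/* Added example, not BusyBox code. log_msg() is a hypothetical stand-in
 * for a printf-style helper; it formats into a buffer so results can be compared. */
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* The format attribute makes gcc check callers of this wrapper the same
 * way it checks printf(), so -Wformat-security applies to it as well. */
__attribute__((format(printf, 3, 4)))
static int log_msg(char *out, size_t n, const char *fmt, ...)
{
    va_list ap;
    int len;

    va_start(ap, fmt);
    len = vsnprintf(out, n, fmt, ap);
    va_end(ap);
    return len;
}

/* Pattern the warning is about: the message itself is the format string.
 * The pragmas silence the warning for this one deliberate call only. */
int msg_as_format(char *out, size_t n, const char *text)
{
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wformat-security"
#pragma GCC diagnostic ignored "-Wformat-nonliteral"
    return log_msg(out, n, text);
#pragma GCC diagnostic pop
}

/* Fixed form: literal format, message passed as data (one extra argument). */
int msg_as_data(char *out, size_t n, const char *text)
{
    return log_msg(out, n, "%s", text);
}

int main(void)
{
    /* Constructed input: the text contains two '%' characters. */
    const char *text = "disk 100%% full";
    char a[64], b[64];

    msg_as_format(a, sizeof a, text);
    msg_as_data(b, sizeof b, text);
    printf("as format: %s\nas data:   %s\n", a, b);
    return 0;
}
```

Removing the pragmas and building with gcc -Wformat -Wformat-security produces the "format not a string literal and no format arguments" warning on the msg_as_format() call.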
