Sorry for the delay in seeing this. I'm fine with this change. The main issues with %n occur with a non-constant format string, and as long as our other format string checking catches unintended misuses of %n, I'm happy.
On Jul 30, 2012, at 11:28 AM, Matt Beaumont-Gay <[email protected]> wrote:

> Following on Hans's r160966...
>
> Clang currently warns about any use of the '%n' format specifier:
> test.cc:5:14: warning: use of '%n' in format string discouraged
> (potentially insecure) [-Wformat-security]
>   printf("%d%n", i, &n);
>             ~^
>
> While '%n' can be used for evil in an attacker-controlled format
> string, there isn't any acute danger in using it in a literal format
> string with an argument of the appropriate type. (If preceding format
> arguments are derived from untrusted input, then the value written to
> the '%n' argument can be somewhat controlled by an attacker, but this
> is no worse than any other means by which a program may set a variable
> based on untrusted input.) This patch removes the blanket warning for
> any use of '%n'; misuses of it, e.g. passing the wrong argument type,
> will be caught by the functionality that Hans just added.
>
> -Matt
>
> <remove-n-specifier-check.patch>
> _______________________________________________
> cfe-commits mailing list
> [email protected]
> http://lists.cs.uiuc.edu/mailman/listinfo/cfe-commits
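The distinction discussed in this thread, as an added C example that is not part of the original messages or of the Clang patch: `%n` in a literal format string with an `int *` argument, next to untrusted text kept out of the format position. The function names `format_field` and `format_untrusted` and the sample inputs are hypothetical and constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Literal format string, int* argument: %n stores the number of bytes
 * produced so far. Returns the offset in `out` where the value starts, or
 * -1 on error or truncation. `name` may come from untrusted input; it can
 * only change the count that %n stores, not where the store goes. */
int format_field(char *out, size_t outsz, const char *name, int value)
{
    int value_off = 0;
    int n = snprintf(out, outsz, "%s=%n%d", name, &value_off, value);
    if (n < 0 || (size_t)n >= outsz)
        return -1;
    return value_off;
}

/* Untrusted text is passed as an argument to a literal "%s", never as the
 * format itself, so conversion specifiers inside it are copied as plain
 * bytes. Returns the number of bytes written, or -1 on error or truncation. */
int format_untrusted(char *out, size_t outsz, const char *untrusted)
{
    int n = snprintf(out, outsz, "%s", untrusted);
    if (n < 0 || (size_t)n >= outsz)
        return -1;
    return n;
}

int main(void)
{
    char buf[64];
    int off = format_field(buf, sizeof buf, "count", 42);
    printf("%s (value starts at offset %d)\n", buf, off);

    /* Constructed input containing specifiers: treated as data. */
    format_untrusted(buf, sizeof buf, "%d%n");
    printf("%s\n", buf);
    return 0;
}
```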
