Hi folks,

Can we give these patches some love? Is there a bug opened for them? I found myself hitting the precise case Florian was talking about (debugging how the heck we don't have an overflow in a sprintf callsite, only to find it was the "special" sprintf).

Florian - Can you also share the clang plugin? Another of the projects I work on has started to write clang static analyzers, and I need to brush up on my skills.

Brian

On Aug 3, 2012, at 8:41 AM, Florian Weimer <fwei...@redhat.com> wrote:

> The attached patches (against master) replace calls to the global sprintf
> overloads with calls to new formatstr functions. Similarly,
> MyString::[v]sprintf is renamed to MyString::[v]formatstr.
>
> The idea is that sprintf (as an unsafe C API) stands out better after these
> changes, simplifying code review and encouraging migration to formatstr or
> snprintf.
>
> The patches are mostly auto-generated, using a Clang plug-in which examines
> the AST to tell the different sprintf implementations apart. I may have
> missed Windows-specific code and code under #ifdef, so it is probably best
> not to apply the removal patches yet.
>
> I can regenerate the patches for other branches and change "formatstr" to
> some other identifier if you want me to.
>
> --
> Florian Weimer / Red Hat Product Security Team
>
> <0004-Add-formatstr-and-vformatstr-functions.patch>
> <0005-Replace-calls-to-global-sprintf-overloads-with-forma.patch>
> <0006-Remove-global-sprintf-overloads.patch>
> <0007-Introduce-MyString-formatstr-and-MyString-vformatstr.patch>
> <0008-Replace-calls-to-MyString-v-sprintf-with-MyString-v-.patch>
> <0009-Remove-sprintf-and-vsprintf-methods-from-MyString.patch>
>
> _______________________________________________
> Condor-devel mailing list
> Condor-devel@cs.wisc.edu
> https://lists.cs.wisc.edu/mailman/listinfo/condor-devel
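
The call-site ambiguity described in the quoted cover letter, as an added example that is not taken from the patches or the project's tree. The signatures of `formatstr`, `vformatstr` and the `std::string` overload of `sprintf` are assumptions made here, and the host name is a constructed value.

```cpp
#include <stdarg.h>
#include <stdio.h>
#include <string>
#include <vector>
#undef sprintf  // some libcs wrap sprintf in a macro; the plain name is needed below

// Assumed shape of the helper: format into a std::string sized by a
// measuring pass, so there is no caller-supplied buffer to overrun.
int vformatstr(std::string &out, const char *fmt, va_list args) {
    va_list measure;
    va_copy(measure, args);
    int needed = vsnprintf(nullptr, 0, fmt, measure);  // pass 1: length only
    va_end(measure);
    if (needed < 0) { out.clear(); return needed; }    // formatting error
    std::vector<char> buf(static_cast<size_t>(needed) + 1);
    vsnprintf(buf.data(), buf.size(), fmt, args);      // pass 2: bounded write
    out.assign(buf.data(), static_cast<size_t>(needed));
    return needed;
}

int formatstr(std::string &out, const char *fmt, ...) {
    va_list args;
    va_start(args, fmt);
    int n = vformatstr(out, fmt, args);
    va_end(args);
    return n;
}

// Assumed shape of the overload being replaced: same name as the C function,
// selected purely by the type of the first argument.
int sprintf(std::string &out, const char *fmt, ...) {
    va_list args;
    va_start(args, fmt);
    int n = vformatstr(out, fmt, args);
    va_end(args);
    return n;
}

int main() {
    std::string safe;
    char raw[32];
    const char *host = "node17.example.invalid";  // constructed sample value
    sprintf(safe, "host=%s", host);    // overload: destination grows as needed
    sprintf(raw, "host=%s", host);     // C sprintf: safe only because 28 <= 32
    formatstr(safe, "host=%s", host);  // after the rename only the raw call says sprintf
    printf("%s\n%s\n", safe.c_str(), raw);
    return 0;
}
```

The two `sprintf` lines in `main` differ only in the declared type of the destination, which a reviewer has to look up elsewhere; that is the distinction the Clang plug-in resolves from the AST.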