Hector Santos wrote:
> Jeff Macdonald wrote:
>
>>> Passing an unchecked string as a printf format is an ancient unix bug.
>>
>> Ah, so vargs type stuff. Still, I'll have to run it through a debugger
>> myself to understand. I would think one would have a loop of some
>> sort. I would of thought if there were no args it would just end.
>
> Nope, because th '%' is telling the parser to expect an argument.
>
> A debugger will generally not tell you these things, but good Heap
> Managers (which may be part of the better debugger) can give some buffer
> overflow and underflow detection. But its not perfect and stack overhead
> wrapping code is the direction with newer compilers to help protect
> against stack corruptions.
I just note that a good modern compiler MAY will issue syntax
*warning* if the string is static, as in:
log_write(0, LOG_MAIN, "There is a 50% chance of rain!");
but its nearly impossible to tell you a variable logmsg contains an
incorrect syntax.
In theory, the compiler (and we write a p-code compiler for our
product line)), could use the prototype information:
void log_write(int, int, char *format, ...)
and when it compiles the line:
log_write(0, LOG_MAIN, (char *)logmsg);
it can issue a compiler warning:
Warning W####, line # in file soso.c is a variable list function
and only has the format string as passed.
That would be an advanced compiler consideration. I personally never
seen or heard of one that will go to that level.
--
Hector Santos, CTO
http://www.santronics.com
http://santronics.blogspot.com
_______________________________________________
dkim-ops mailing list
[email protected]
http://mipassoc.org/mailman/listinfo/dkim-ops
