Chris Holgate wrote:
I've just had to add support for diag_vsnprintf to diag.h as part of writing some logging code. We all know that sprintf, vsprintf and their evil unchecked spawn are the source of lots of buffer overflow bugs - so while I'm prepping a patch for this change is it worth adding compiler warning attributes to diag_sprintf and diag_vsprintf to help 'discourage' their use?
That would collide with -Werror -- an option I happen to like a lot. Besides, my guess is that the vsnprintf functions will be called through some printf-style variadic function, and the compiler can verify arguments there.
Rutger
