Rutger Hofman wrote:
Chris Holgate wrote:
I've just had to add support for diag_vsnprintf to diag.h as part of
writing some logging code. We all know that sprintf, vsprintf and their
evil unchecked spawn are the source of lots of buffer overflow bugs -
so while I'm prepping a patch for this change is it worth adding
compiler warning attributes to diag_sprintf and diag_vsprintf to help
'discourage' their use?

That would collide with -Werror -- an option I happen to like a lot.
Besides, my guess is that the vsnprintf functions will be called through
some printf-style variadic function, and the compiler can verify
arguments there.

Ach, I misunderstood. You want to discourage diag_sprintf and
diag_vsprintf in favour of diag_vsnprintf. I fully agree here.

Rutger
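
The approach discussed in this thread, as an added example that is not code from the thread or from eCos: an unchecked formatter tagged with a warning attribute, and a bounded printf-style front end whose arguments the compiler checks. The ex_* names are hypothetical stand-ins for the diag_* functions, and the attributes are the GCC/Clang ones.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-ins for the diag_* functions; not the eCos declarations. */

/* Unchecked variant, tagged so that every call site draws a compiler warning.
 * With -Werror, adding -Wno-error=deprecated-declarations keeps this one
 * diagnostic a warning instead of breaking the build. */
__attribute__((deprecated("unbounded write; use ex_vsnprintf")))
int ex_vsprintf(char *buf, const char *fmt, va_list ap);

/* Bounded variant: writes at most size bytes including the terminating NUL. */
static int ex_vsnprintf(char *buf, size_t size, const char *fmt, va_list ap)
{
    return vsnprintf(buf, size, fmt, ap);
}

/* printf-style front end. The format attribute makes the compiler check the
 * variadic arguments against fmt at each call site.
 * Returns 0 if the message fit, 1 if it was truncated, -1 on error. */
__attribute__((format(printf, 3, 4)))
static int ex_log(char *buf, size_t size, const char *fmt, ...)
{
    va_list ap;
    int n;

    if (buf == NULL || size == 0)
        return -1;
    va_start(ap, fmt);
    n = ex_vsnprintf(buf, size, fmt, ap);
    va_end(ap);
    if (n < 0) {
        buf[0] = '\0';          /* leave a valid empty string on failure */
        return -1;
    }
    return (size_t)n >= size ? 1 : 0;
}

int main(void)
{
    char small[8];              /* constructed input, too small on purpose */
    int rc = ex_log(small, sizeof small, "id=%d name=%s", 42, "constructed");

    printf("rc=%d buf=\"%s\"\n", rc, small);
    return 0;
}
```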