On Sunday 18 January 2009 12:43:46 Grzegorz Jaskiewicz wrote:
> > -Wformat-security warns about
> >
> > printf(var);
> >
> > but not about
> >
> > printf(var, a);
> >
> > I don't understand that; the crash or exploit potential is pretty
> > much the
> > same in both cases.
>
> not at all. First case allows you to pass in var from outside, with
> your, well crafted format strings. Please read more about subject,
> before you say something that silly.

If your premise is that var is passed in from the outside, then the real issue is the %n placeholder. And then it doesn't matter how many variadic args you pass.

-- 
Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers
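
The point made in the reply above, that a format string from outside decides how many variadic arguments printf reads and whether it stores through %n, whatever the call site passes, shown as an added example (not code from this thread or from PostgreSQL). `audit_format` and `format_fits` are hypothetical helpers; the sketch ignores POSIX positional arguments (`%1$s`) and does not check argument types.

```c
#include <stdio.h>
#include <string.h>

/* Result of auditing a printf-style format string (hypothetical helper). */
struct fmt_audit {
    int args_consumed;  /* variadic arguments the format will read */
    int writes_memory;  /* number of %n directives (store through a pointer) */
};

/* Walk the directives of fmt in the order printf would process them.
 * Assumption: no POSIX positional arguments such as "%1$s". */
static struct fmt_audit audit_format(const char *fmt)
{
    struct fmt_audit r = {0, 0};
    for (const char *p = fmt; *p; p++) {
        if (*p != '%') continue;
        p++;
        if (*p == '%') continue;                    /* "%%" reads no argument */
        p += strspn(p, "-+ #0");                    /* flags */
        if (*p == '*') { r.args_consumed++; p++; }  /* width taken from an int argument */
        else p += strspn(p, "0123456789");
        if (*p == '.') {
            p++;
            if (*p == '*') { r.args_consumed++; p++; }  /* precision from an argument */
            else p += strspn(p, "0123456789");
        }
        p += strspn(p, "hlLqjzt");                  /* length modifiers */
        if (*p == '\0') break;                      /* truncated directive */
        if (*p == 'n') r.writes_memory++;
        r.args_consumed++;                          /* the conversion itself reads one */
    }
    return r;
}

/* Returns 1 if fmt reads at most `supplied` arguments and has no %n.
 * Argument types are not checked. */
static int format_fits(const char *fmt, int supplied)
{
    struct fmt_audit r = audit_format(fmt);
    return r.writes_memory == 0 && r.args_consumed <= supplied;
}

int main(void)
{
    const char *samples[] = { "hello", "%d items", "%s %s", "%d%n", "100%%" }; /* constructed */
    for (size_t i = 0; i < sizeof samples / sizeof *samples; i++)
        printf("%-10s fits one argument: %d\n", samples[i], format_fits(samples[i], 1));
    return 0;
}
```

Passing the untrusted string as data, `printf("%s", var)`, avoids the question entirely because the format is then a literal.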