Re: [Mesa-dev] [PATCH mesa-demos 1/6] es1_info: convert indentString into a literal string
Thanks, I've applied the patch series.

-Brian

On 01/06/2011 09:09 AM, Paulo Zanoni wrote:

This fixes compilation with -Wformat -Werror=format-security. Some distros like Mandriva enable this flag by default. Its purpose is to improve security.

Another option for this patch would be to do printf("%s", indentString), but converting indentString into a literal also gives the compiler some hints to improve performance.

Signed-off-by: Paulo Zanoni pzan...@mandriva.com
---
By the way, combining this patch with a printf("%s", indentString) would make the code even safer. The last patch of this series does this change, so you can choose to apply it or not.

Using printf(string); is dangerous, might lead to bugs and even security issues. If the string being printed contains the % character one can do really dangerous things. Even if you think the string in question might not be dangerous, future code changes might lead that piece of code to bugs or security holes.

Some references:
http://wiki.mandriva.com/en/Development/Packaging/Problems#format_not_a_string_literal_and_no_format_arguments
http://wiki.debian.org/Hardening#DEBBUILDHARDENINGFORMAT.28gcc.2BAC8-g.2B-.2B--Wformat-Wformat-security.29
http://en.wikipedia.org/wiki/Format_string_attack

See also How To Write Shared Libraries Section 2.4.1, written by Ulrich Drepper for more information on the difference between 'char *foo = bar' and 'char foo[] = bar'

src/egl/opengles1/es1_info.c |2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/src/egl/opengles1/es1_info.c b/src/egl/opengles1/es1_info.c index 93816b5..38becc5 100644 --- a/src/egl/opengles1/es1_info.c +++ b/src/egl/opengles1/es1_info.c @@ -29,7 +29,7 @@ static void print_extension_list(const char *ext) { - const char *indentString = ; + const char indentString[] = ; const int indent = 4; const int max = 79; int width, i, j;

___ mesa-dev mailing list mesa-dev@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/mesa-dev
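Review bot: In print_extension_list(), the new `const char indentString[]` has no `static`, so it is an automatic array that may be copied onto the stack on every call; `static const char indentString[]` would keep it as a single read-only object, which is the case the Drepper section cited in the commit message argues for. The context line `const int indent = 4;` is a separate constant beside it; if it is meant to be the length of indentString, `sizeof(indentString) - 1` would keep the two from drifting apart.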
[Mesa-dev] [PATCH mesa-demos 1/6] es1_info: convert indentString into a literal string
This fixes compilation with -Wformat -Werror=format-security. Some distros like Mandriva enable this flag by default. Its purpose is to improve security.

Another option for this patch would be to do printf("%s", indentString), but converting indentString into a literal also gives the compiler some hints to improve performance.

Signed-off-by: Paulo Zanoni pzan...@mandriva.com
---
By the way, combining this patch with a printf("%s", indentString) would make the code even safer. The last patch of this series does this change, so you can choose to apply it or not.

Using printf(string); is dangerous, might lead to bugs and even security issues. If the string being printed contains the % character one can do really dangerous things. Even if you think the string in question might not be dangerous, future code changes might lead that piece of code to bugs or security holes.

Some references:
http://wiki.mandriva.com/en/Development/Packaging/Problems#format_not_a_string_literal_and_no_format_arguments
http://wiki.debian.org/Hardening#DEBBUILDHARDENINGFORMAT.28gcc.2BAC8-g.2B-.2B--Wformat-Wformat-security.29
http://en.wikipedia.org/wiki/Format_string_attack

See also How To Write Shared Libraries Section 2.4.1, written by Ulrich Drepper for more information on the difference between 'char *foo = bar' and 'char foo[] = bar'

src/egl/opengles1/es1_info.c |2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/src/egl/opengles1/es1_info.c b/src/egl/opengles1/es1_info.c index 93816b5..38becc5 100644 --- a/src/egl/opengles1/es1_info.c +++ b/src/egl/opengles1/es1_info.c @@ -29,7 +29,7 @@ static void print_extension_list(const char *ext) { - const char *indentString = ; + const char indentString[] = ; const int indent = 4; const int max = 79; int width, i, j;

-- 1.7.1
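Review bot: The hunk touches only the declaration of indentString, so the printf call that takes it as the format argument (not shown in this hunk) stays as it is, and the -Wformat-security fix depends on the compiler seeing through the const array to its initializer. A short comment on the declaration saying it must remain a literal-initialized array, or folding in the `printf("%s", indentString)` change from the last patch of the series, would keep a later edit from silently reintroducing the warning.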
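The difference the commit message draws between printf(string) and printf("%s", string), as an added example that is not part of the original post or of mesa-demos. The four-space value of indentString, the helper names emit_safe and emit_unsafe, and the sample extension name are assumptions constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Array form from the patch. Assumed value: four spaces (the page's
 * literal did not survive extraction). sizeof() yields the indent width. */
static const char indentString[] = "    ";
#define INDENT_WIDTH (sizeof(indentString) - 1)

/* Constructed sample: an extension-style name containing "%%". */
static const char SAMPLE[] = "GL_EXAMPLE_50%%_ext";

/* Hardened shape: constant format, the name is only ever data. */
int emit_safe(char *out, size_t n, const char *name)
{
    return snprintf(out, n, "%s%s", indentString, name);
}

/* Shape that -Wformat-security rejects: the data is the format.
 * The warnings are silenced here only so the contrast compiles. */
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wformat-security"
#pragma GCC diagnostic ignored "-Wformat-nonliteral"
int emit_unsafe(char *out, size_t n, const char *name)
{
    return snprintf(out, n, name);
}
#pragma GCC diagnostic pop

int main(void)
{
    char buf[64];
    int len;

    len = emit_safe(buf, sizeof buf, SAMPLE);
    printf("safe   (%2d bytes): [%s]\n", len, buf);

    len = emit_unsafe(buf, sizeof buf, SAMPLE);
    printf("unsafe (%2d bytes): [%s]\n", len, buf);

    printf("indent width from sizeof: %zu\n", INDENT_WIDTH);
    return 0;
}
```

With the fixed format the name comes out byte for byte; used as the format, the same bytes are interpreted and the output changes, which is the class of surprise the warning exists to catch.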