On Thu, Aug 18, 2011 at 01:51:33PM -0500, David Young wrote:
 > > Rather than sweeping the issue under the rug, wouldn't it be better to
 > > actually fix the problem?
 > > 
 > > See attached diff which replaces the "variable" format with a
 > > literal #define string ...
 > I think we should make no changes to appease the compiler in this case.
 > There is nothing inherently safer about using a literal format string
 > than a static const format string, the compiler just isn't smart enough
 > to tell an unsafe non-literal format string from a safe one.

That's not entirely true; e.g. if the compiler can't figure out that
the format string is constant, it won't catch stuff like

   const char format[] = "%d";
   printf(format, "wrong");

which it otherwise would.

I would lean towards fixing the ones that can be fixed noninvasively;
particularly in old code the motivation for the status quo seems to
have been manually saving a few bytes on string constants... which the
toolchain should do automatically these days.

David A. Holland

Reply via email to