On Thu, Aug 18, 2011 at 01:51:33PM -0500, David Young wrote: > > Rather than sweeping the issue under the rug, wouldn't it be better to > > actually fix the problem? > > > > See attached diff which replaces the "variable" format with a > > literal #define string ... > > I think we should make no changes to appease the compiler in this case. > There is nothing inherently safer about using a literal format string > than a static const format string, the compiler just isn't smart enough > to tell an unsafe non-literal format string from a safe one.
That's not entirely true; e.g. if the compiler can't figure out that the format string is constant, it won't catch stuff like const char format = "%d"; : printf(format, "wrong"); which it otherwise would. I would lean towards fixing the ones that can be fixed noninvasively; particularly in old code the motivation for the status quo seems to have been manually saving a few bytes on string constants... which the toolchain should do automatically these days. -- David A. Holland dholl...@netbsd.org