On Thu, Aug 18, 2011 at 01:51:33PM -0500, David Young wrote:
> > Rather than sweeping the issue under the rug, wouldn't it be better to
> > actually fix the problem?
> >
> > See attached diff which replaces the "variable" format with a
> > literal #define string ...
>
> I think we should make no changes to appease the compiler in this case.
> There is nothing inherently safer about using a literal format string
> than a static const format string, the compiler just isn't smart enough
> to tell an unsafe non-literal format string from a safe one.
That's not entirely true; e.g. if the compiler can't figure out that
the format string is constant, it won't catch stuff like
const char format[] = "%d";
:
printf(format, "wrong");
which it otherwise would.
I would lean towards fixing the ones that can be fixed noninvasively;
particularly in old code the motivation for the status quo seems to
have been manually saving a few bytes on string constants... which the
toolchain should do automatically these days.
--
David A. Holland
dholl...@netbsd.org
