| |||||||||||||
Format string vulnerabilitiesFormat string vulnerabilitiesPosted Feb 2, 2012 22:22 UTC (Thu) by khim (subscriber, #9252)In reply to: Format string vulnerabilities by csd Parent article: Format string vulnerabilities How can it be faster? It generates identical code:
$ echo 'void foo() { printf("%s\n", "bar"); }' | gcc -S -O2 -xc - -o-
.file ""
.section .rodata.str1.1,"aMS",@progbits,1
.LC0:
.string "bar"
.text
.p2align 4,,15
.globl foo
.type foo, @function
foo:
.LFB0:
.cfi_startproc
movl $.LC0, %edi
jmp puts
.cfi_endproc
.LFE0:
.size foo, .-foo
.ident "GCC: (Ubuntu 4.4.3-4ubuntu5) 4.4.3"
.section .note.GNU-stack,"",@progbits
(Log in to post comments)
Format string vulnerabilities Posted Feb 2, 2012 23:16 UTC (Thu) by csd (subscriber, #66784) [Link]
I meant that the *implementation* of puts is faster than printf, as puts doesn't have to parse through the first param like printf does. In your example, gcc simply optimized the code into calling puts instead of printf, which it can only do for a very limited number of cases (e.g. with a fixed constant as the 1st param, which is not the case that this article covers). In this very similar example, you can see that the generated code is quite different and will be slower to run:
$ echo 'void foo() { extern char *str; printf(str, "bar"); } ; char * str = "%s\n";' | gcc -S -O2 -xc - -o-
So I'll restate my original statement to: "... In most cases, it's faster too"
|
|||||||||||||