| |||||||||||||
How come they did not get a warning?How come they did not get a warning?Posted Feb 3, 2012 12:42 UTC (Fri) by jwakely (subscriber, #60262)In reply to: How come they did not get a warning? by rvfh Parent article: Format string vulnerabilities Strangely enough, the sudo code wasn't doing a "hello world" toy example like the article and your one. Try this, which is closer to the real code
#include <stdarg.h>
#include <stdio.h>
void
sudo_debug(const char* progname, const char *fmt, ...)
{
va_list ap;
char fmt2[200];
sprintf(fmt2, "%s: %s\n", progname, fmt);
va_start(ap, fmt);
vfprintf(stderr, fmt2, ap);
va_end(ap);
}
Still get a warning?
(Log in to post comments)
How come they did not get a warning? Posted Feb 5, 2012 21:35 UTC (Sun) by k8to (subscriber, #15413) [Link]
I naively tend to think this pattern should be not used. I don't see much call for par-formatted strings that are later formatted again.
If you believe you have a fixed string, you can do the moral equivalent of
printf("%s", str);
which is what I do in my code.
If you need to build out a string piecemeal, you can build and append to a string without formatting it more than once.
If you need to do some fairly sophisticated templating functionality that really requires multiple passes of interpretation, there are libraries that are designed for that purpose. Although you should think hard if you really need that; typically you don't.
How come they did not get a warning? Posted Feb 11, 2012 23:27 UTC (Sat) by cras (guest, #7000) [Link]
clang gives a warning with it.
|
|||||||||||||