Message213743
$ hg id
3736bf94535c+ tip
-Wformat=2 -Wformat-security are useful for detecting possible security related bugs. Compiling with the two options produced a few hits in the source code.
/usr/bin/gcc -pthread -c -Wno-unused-result -Werror=declaration-after-statement -DNDEBUG -g -fwrapv -O3 -Wall -Wstrict-prototypes -fno-common -Wstrict-overflow -Wformat=2 -Wformat-security -Wcast-align -Wtrampolines -fno-common -Wstrict-overflow -Wformat=2 -Wformat-security -Wcast-align -Wtrampolines -I. -IInclude -I./Include -DPy_BUILD_CORE -o Objects/unicodeobject.o cpython/./Objects/unicodeobject.c
cpython/./Objects/unicodeobject.c: In function ‘unicode_fromformat_arg’:
cpython/./Objects/unicodeobject.c:2527:25: warning: format not a string literal, argument types not checked [-Wformat-nonliteral]
cpython/./Objects/unicodeobject.c:2531:25: warning: format not a string literal, argument types not checked [-Wformat-nonliteral]
cpython/./Objects/unicodeobject.c:2535:25: warning: format not a string literal, argument types not checked [-Wformat-nonliteral]
cpython/./Objects/unicodeobject.c:2538:25: warning: format not a string literal, argument types not checked [-Wformat-nonliteral]
cpython/./Objects/unicodeobject.c:2542:13: warning: format not a string literal, argument types not checked [-Wformat-nonliteral]
cpython/./Objects/unicodeobject.c:2549:25: warning: format not a string literal, argument types not checked [-Wformat-nonliteral]
cpython/./Objects/unicodeobject.c:2553:25: warning: format not a string literal, argument types not checked [-Wformat-nonliteral]
cpython/./Objects/unicodeobject.c:2557:25: warning: format not a string literal, argument types not checked [-Wformat-nonliteral]
cpython/./Objects/unicodeobject.c:2560:25: warning: format not a string literal, argument types not checked [-Wformat-nonliteral]
I think those are necessary for `unicode_fromformat_arg`.
/usr/bin/gcc -pthread -c -Wno-unused-result -Werror=declaration-after-statement -DNDEBUG -g -fwrapv -O3 -Wall -Wstrict-prototypes -fno-common -Wstrict-overflow -Wformat=2 -Wformat-security -Wcast-align -Wtrampolines -fno-common -Wstrict-overflow -Wformat=2 -Wformat-security -Wcast-align -Wtrampolines -I. -IInclude -I./Include -DPy_BUILD_CORE -o Modules/main.o cpython/./Modules/main.c
cpython/./Modules/main.c: In function ‘usage’:
cpython/./Modules/main.c:111:5: warning: format not a string literal, argument types not checked [-Wformat-nonliteral]
cpython/./Modules/main.c:118:9: warning: format not a string literal, argument types not checked [-Wformat-nonliteral]
cpython/./Modules/main.c:119:9: warning: format not a string literal, argument types not checked [-Wformat-nonliteral]
I think the occurrences in main.c could benefit from "%s" to ensure the program does not accidentally leak.
| Date | User | Action | Args |
|---|---|---|---|
| 2014-03-16 17:41:35 | Jeffrey.Walton | set | recipients: + Jeffrey.Walton |
| 2014-03-16 17:41:35 | Jeffrey.Walton | set | messageid: <1394991695.88.0.958685925479.issue20948@psf.upfronthosting.co.za> |
| 2014-03-16 17:41:35 | Jeffrey.Walton | link | issue20948 messages |
| 2014-03-16 17:41:35 | Jeffrey.Walton | create | |
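The pattern that `-Wformat-nonliteral` reports, next to the `"%s"` form suggested in the message, as an added example that is not part of the original message and is not CPython code. The names `emit`, `emit_as_format`, `emit_as_data` and `sample` are hypothetical, and the sample text is constructed.

```c
#include <stdarg.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical wrapper (not CPython code). The format attribute makes gcc
 * check callers' arguments against the format, as it does for printf. */
__attribute__((format(printf, 3, 4)))
static int emit(char *out, size_t n, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int written = vsnprintf(out, n, fmt, ap);
    va_end(ap);
    return written;
}

/* Flagged pattern: text is parsed as a format string. The pragmas silence
 * the diagnostic for this one deliberate call; remove them to see it. */
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wformat-security"
#pragma GCC diagnostic ignored "-Wformat-nonliteral"
static int emit_as_format(char *out, size_t n, const char *text)
{
    return emit(out, n, text);
}
#pragma GCC diagnostic pop

/* Corrected pattern: the format is a literal and text is only data. */
static int emit_as_data(char *out, size_t n, const char *text)
{
    return emit(out, n, "%s", text);
}

/* Constructed sample text; "%%" is the only conversion, so both calls are
 * well defined and the difference in output is purely interpretation. */
static const char sample[] = "options shown: 100%%\n";

int main(void)
{
    char a[64], b[64];
    emit_as_format(a, sizeof a, sample);
    emit_as_data(b, sizeof b, sample);
    printf("as format: %sas data:   %s", a, b);
    return 0;
}
```

Compiling this with `-Wformat=2 -Wformat-security` and the pragmas removed reports the call in `emit_as_format` and leaves `emit_as_data` clean.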