Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

Re: StackGuard with ... Re: [Paper] Format bugs.

From: Daniel Jacobowitz <drow () FALSE ORG>
Date: Sat, 22 Jul 2000 17:10:33 -0700
On Fri, Jul 21, 2000 at 10:48:57PM -0600, Brett Glass wrote:

2) The C language itself has no way of specifying a MINIMUM number of
arguments for a function call. Had the compiler noted that setproctitle()
and similar functions need at least two arguments, the mistakes would
have been caught from the get-go.

The latter problem can be solved by insisting upon the use of macros
that mandate a minimum number of arguments and produce a warning
or error message otherwise.


But setproctitle() does not have a minimum of two arguments.  Witness:
setproctitle("Pointless static message.");

The issue deals more with non-constant format strings.

Dan

/--------------------------------\  /--------------------------------\
|       Daniel Jacobowitz        |__|        SCS Class of 2002       |
|   Debian GNU/Linux Developer    __    Carnegie Mellon University   |
|         dan () debian org         |  |       dmj+ () andrew cmu edu      |
\--------------------------------/  \--------------------------------/
Previous By Date Next
Previous By Thread Next

Current thread: