Re: StackGuard with ... Re: [Paper] Format bugs.

[Morten Welinder <terra () DIKU DK>]

mixter () 2xs co il wrote:

> It is a bad idea to have any format functions accept format
> strings that aren't hard coded at compile time. All these
> functions need to have one format argument at one location,
> which definitely needs to be a hard-coded string, (using and
> enforcing const). Per definition, it is arguably possible to
> supply variable format strings in a program, but it is
> rarely practically used, and it shouldn't be practically
> used. At least, when supplying any format function a
> non-constant format argument, the compiler should spit out a
> big warning, and it should do that by default without
> warnings enabled.

As a guesstimate, three out of four format strings in newer GNU
programs are non-constant.  That hardly qualifies as rare.  I think
you forgot about internationalisation.

Here's a sample from Gnumeric:

    s = g_strdup_printf (
          _("Workbook %s has unsaved changes, save them?"),
          g_basename (wb->filename));


(Which reminds me: I sure hope that the language files cannot be
controlled by a malicious user.  That would allow putting extra
%-escapes into just about any format string.  Ugh.)


Morten