string - Valid printf() statements in C -

-

given that:

char *message = "hello, world"; char *format  = "x=%i\n"; int x = 10;

why printf (message); invalid (i.e. rejected compiler being potentially insecure) , printf (format, x); isn't?

is format treated string literal in case , message format string? if so, why?


update

know why printf (message); rejected. question is, why printf (format, x); not rejected too.

i'm using clang. error message printf (message); format string not string literal (potentially insecure).

it compiles fine under gcc. appear compiler specific , how clang sets warnings.

you can warning in both cases enabling -wformat-nonliteral option, not included in either -wall or -wextra (but is in -weverything).

for whatever reason, seems intentional design decision emit security warning when non-literal printf statement takes no additional arguments. source code emits warning can found in lib/sema/semachecking.cpp:

  // if there no arguments specified, warn -wformat-security, otherwise   // warn -wformat-nonliteral.   if (args.size() == firstdataarg)     diag(args[format_idx]->getlocstart(),          diag::warn_format_nonliteral_noargs)       << origformatexpr->getsourcerange();   else     diag(args[format_idx]->getlocstart(),          diag::warn_format_nonliteral)            << origformatexpr->getsourcerange();

i'd guess compatibility existing legacy code, that's pure speculation.


Comments

Post a Comment

Popular posts from this blog

sql server - MSSQL Text and Varchar(MAX) fields shown (MEMO) in DBGrid -

-
Image
i have encountered problem in mssql & delphi xe3. text , varchar(max) fields seemed (memo) or (widememo) in tdbgrid & tdbadvgrid (tms dbgrid). in first screenshot can see table fiels, in second screentshot can see sample data in database: in screenshot, see how in dbgrid or in query results. i figured out changing field type char , varchar not max solves issue don't know why having problem. can please let me know?
Read more

php - Changing the visibility scope of parent methods in child classes -

-
i've got validator class , uservalidator class extends it. my validator has public method setrule(...) public visibility. when extend want change visibility of setrule(...) parent method private/protected within child it's visible child , no outsiders can call method from child. is possible? if so, how achieve it? from architectural point of view not recommended. stated in comments clean way set method protected children can access it. i cannot think of single use case put me in need call public method on parent class not allowed call on child class. that's against open/closed principle. classes should open extension, not modification. since not question i'll provide way how can achieved though. note: this method makes use of class responsible instantiation it's hack. solution not make use of php's native language features when throwing accessibility errors. first let's define classes had <?php class validator { ...
Read more

qml - Is it possible to implement SystemTrayIcon functionality in Qt Quick application -

-
i writing qtquick desktop application. use both c++ (for functionality) , qml (for ui) in it. use qquickview show interface written in qml. i want application reside in system tray when minimised. i mean functionality similar example. http://qt-project.org/doc/qt-4.8/desktop-systray.html . trying implement feature not find way in qt quick application. here main.cpp code: #include <qguiapplication> #include <qqmlengine> #include <qqmlcontext> #include <qqmlfileselector> #include <qquickview> #include "myapp.h" int main(int argc, char* argv[]) { qguiapplication app(argc,argv); app.setapplicationname(qfileinfo(app.applicationfilepath()).basename()); qdir::setcurrent(qapp->applicationdirpath()); myapp myappobject; qquickview view; view.connect(view.engine(), signal(quit()), &app, slot(quit())); view.rootcontext()->setcontextproperty("myappobject", &myappobject); new qqmlfilese...
Read more