-
Daniel P. Berrangé authoredWe've been very gradually adding G_GNUC_PRINTF annotations to functions over years. This has been useful in detecting certain malformed printf strings, or cases where we pass user data as the printf format which is a potential security flaw. Given the inherant memory corruption danger in use of format strings vs mis-matched variadic arguments, it is worth applying G_GNUC_PRINTF to all functions using printf, even if we know they are safe. The compilers can reasonably reliably identify such places with the -Wsuggest-attribute=format / -Wmissing-format-attribute flags. Signed-off-by:
Daniel P. Berrangé <berrange@redhat.com>
Message-Id: <20221219130205.687815-7-berrange@redhat.com>
[-Wsuggest-attribute=format and -Wmissing-format-attribute are
synonyms, only include one; disable it for testfloat. - Paolo]
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>Daniel P. Berrangé authoredWe've been very gradually adding G_GNUC_PRINTF annotations to functions over years. This has been useful in detecting certain malformed printf strings, or cases where we pass user data as the printf format which is a potential security flaw. Given the inherant memory corruption danger in use of format strings vs mis-matched variadic arguments, it is worth applying G_GNUC_PRINTF to all functions using printf, even if we know they are safe. The compilers can reasonably reliably identify such places with the -Wsuggest-attribute=format / -Wmissing-format-attribute flags. Signed-off-by:
Daniel P. Berrangé <berrange@redhat.com>
Message-Id: <20221219130205.687815-7-berrange@redhat.com>
[-Wsuggest-attribute=format and -Wmissing-format-attribute are
synonyms, only include one; disable it for testfloat. - Paolo]
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Loading