|
Bugtraq
mailing list archives
Re: StackGuard with ... Re: [Paper] Format bugs.
From: stanislav shalunov <shalunov () INTERNET2 EDU>
Date: Mon, 24 Jul 2000 16:28:28 -0400
"Stephen J. Friedl" <friedl () MTNDEW COM> writes:
The first thing to do is turn on the damn compiler warnings, because more
and more compilers actually do check printf-like parameters for you. GNU C
does this, as do numerous commercial compilers:
$ cat test.c
#include <stdio.h>
int main(void)
{
printf("i = %d\n"); <--- missing parameter!
}
$ gcc -Wall test.c <-- try again with real warnings
test.c: In function `main':
test.c:5: warning: too few arguments for format
Turning on compiler warnings is nice, of course, and I always have at
least -Wall -W -pedantic on with GCC.
However, in this case compiler warnings buy you nothing.
The most trivial examples aren't dealt with properly:
$ cat try.c
#include <stdio.h>
int
main()
{
char buf[1024];
fgets(buf, sizeof buf, stdin);
printf(buf);
exit(0);
}
$ gcc -Wall -W -pedantic try.c
$ ./a.out
%p
0xa7025
$
 By Date 
By Thread
Current thread:
|
Intro
