On Mar 6, 2014, at 3:37 PM, Sean McBride <s...@rogue-research.com> wrote:
> On Thu, 6 Mar 2014 15:15:49 -0800, Jens Alfke said:
>> I remember the “Month Of Apple Bugs”** that a hacker group ran in 2007,
>> where they published a new app or OS security vulnerability every day
>> for a month. A lot of them were caused by format-string vulnerabilities.
>> Soon thereafter the compiler team at Apple added that format-string
>> security warning :)
>
> Though it still doesn't work for NSPredicate APIs, all these years later, ex:
>
> -----------------------
> #import <Foundation/Foundation.h>
>
> int main (void)
> {
>     NSPredicate* predicate = [NSPredicate predicateWithFormat:@"foo == %d"];
>
>     return !!predicate;
> }
> -----------------------
>
> "clang -Weverything -fsyntax-only ~/test.m" gives nothing!
>
> <rdar://10699748> Dupes welcome. :)

The problem is that +predicateWithFormat: accepts conversions that are not part of NSString's format string syntax. Adding format string warnings for new format string syntaxes requires compiler changes.

-- 
Greg Parker     gpar...@apple.com     Runtime Wrangler
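
Since the compiler does not check these calls, a source-level lint can cover the gap. The following is an added example, not code from this thread or from Apple: a Python sketch that compares the conversions in a literal `predicateWithFormat:` format against the arguments supplied, going beyond the thread's single case by also counting NSPredicate's `%K` and `%@`. The function names and the sample input are assumptions made for illustration.

```python
import re

# printf-style conversions plus NSPredicate's %K (key path) and %@ (object).
# "%%" is a literal percent as in printf and takes no argument; "*" widths are not handled.
CONV = re.compile(r"%(?:%|[-+ #0]*\d*(?:\.\d+)?(?:hh|h|ll|l|q|z|t|j|L)?([@KdiouxXeEfgGaAcCsSp]))")
# A predicateWithFormat: message whose format is a string literal.
CALL = re.compile(r'predicateWithFormat:\s*@"((?:[^"\\]|\\.)*)"\s*')
# Any C or Objective-C string literal, blanked out before commas are counted.
STR = re.compile(r'@?"(?:[^"\\]|\\.)*"')

def count_conversions(fmt):
    """Number of conversions in fmt that consume an argument."""
    return sum(1 for m in CONV.finditer(fmt) if m.group(1))

def count_args(src, pos):
    """Count top-level commas from pos to the ']' that closes the message send."""
    commas = depth = 0
    for ch in STR.sub('""', src[pos:]):
        if ch in "([{":
            depth += 1
        elif ch in ")]}":
            if depth == 0:
                break                       # closing ']' of the message send
            depth -= 1
        elif ch == "," and depth == 0:
            commas += 1                     # each variadic argument follows a comma
    return commas

def find_mismatches(source):
    """Return (line, format, conversions, arguments) for each mismatched call."""
    out = []
    for m in CALL.finditer(source):
        if source[m.end():m.end() + 1] not in (",", "]"):
            continue                        # another selector part, e.g. argumentArray:
        want, got = count_conversions(m.group(1)), count_args(source, m.end())
        if want != got:
            out.append((source.count("\n", 0, m.start()) + 1, m.group(1), want, got))
    return out

# Constructed sample: the call from the thread, then a correctly matched call.
SAMPLE = (
    '[NSPredicate predicateWithFormat:@"foo == %d"];\n'
    '[NSPredicate predicateWithFormat:@"%K == %@", key, [obj name]];\n'
)

if __name__ == "__main__":
    for line, fmt, want, got in find_mismatches(SAMPLE):
        print(f"line {line}: {fmt!r} has {want} conversion(s) but {got} argument(s)")
```

Formats built at run time and the `argumentArray:` and `arguments:` variants are skipped, so those calls still need manual review.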