On Thu, 6 Mar 2014 15:47:08 -0800, Greg Parker said:

>>> I remember the “Month Of Apple Bugs”** that a hacker group ran in 2007,
>>> where they published a new app or OS security vulnerability every day
>>> for a month. A lot of them were caused by format-string vulnerabilities.
>>> Soon thereafter the compiler team at Apple added that format-string
>>> security warning :)
>>
>> Though it still doesn't work for NSPredicate APIs, all these years
>> later, ex:
>>
>> -----------------------
>> #import <Foundation/Foundation.h>
>>
>> int main (void)
>> {
>>     NSPredicate* predicate = [NSPredicate predicateWithFormat:@"foo == %d"];
>>
>>     return !!predicate;
>> }
>> -----------------------
>>
>> "clang -Weverything -fsyntax-only ~/test.m" gives nothing!
>>
>> <rdar://10699748> Dupes welcome. :)
>
>The problem is that +predicateWithFormat: accepts conversions that are
>not part of NSString's format string syntax. Adding format string
>warnings for new format string syntaxes requires compiler changes.
In case anyone wants to cc themselves, I created this bug:

<http://llvm.org/bugs/show_bug.cgi?id=19200>

Cheers,

--
____________________________________________________________
Sean McBride, B. Eng                 s...@rogue-research.com
Rogue Research                        www.rogue-research.com
Mac Software Developer              Montréal, Québec, Canada
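
Until the compiler checks +predicateWithFormat:, a source-level lint can catch the mismatch shown in the thread. The script below is an added example, not code from the thread or from clang; its function names, the set of conversions it counts, and the treatment of "%%" as a literal percent are assumptions, and it is a regex heuristic that only sees a single literal format string.

```python
import re

# Assumption: conversions that consume one argument in a predicate format.
# %@ and %K (key path) are included; "%%" is treated as a literal percent.
CONVERSION = re.compile(
    r'%(?:%|[-+ #0]*\d*(?:\.\d+)?(?:hh|h|ll|l|q|L|z|t|j)?[@KdDiuUxXoOfFeEgGcCsSp])')
CALL = re.compile(r'predicateWithFormat:\s*@"((?:[^"\\]|\\.)*)"')

def count_conversions(fmt):
    """Number of arguments the format string expects."""
    return sum(1 for m in CONVERSION.finditer(fmt) if m.group() != '%%')

def count_supplied_args(src, pos):
    """Count top-level commas from pos to the ']' that closes the message send."""
    depth, args, i = 0, 0, pos
    while i < len(src):
        ch = src[i]
        if ch in '"\'':                      # skip string and char literals
            i += 1
            while i < len(src) and src[i] != ch:
                i += 2 if src[i] == '\\' else 1
        elif ch in '([{':
            depth += 1
        elif ch in ')]}':
            if depth == 0:
                return args                  # end of the predicateWithFormat: call
            depth -= 1
        elif ch == ',' and depth == 0:
            args += 1                        # each variadic argument follows a comma
        i += 1
    return args

def find_mismatches(src):
    """Return (line, expected, supplied) for each call whose counts differ."""
    findings = []
    for m in CALL.finditer(src):
        expected = count_conversions(m.group(1))
        supplied = count_supplied_args(src, m.end())
        if expected != supplied:
            findings.append((src.count('\n', 0, m.start()) + 1, expected, supplied))
    return findings

# Constructed sample input; line 1 is the call from the quoted test case.
SAMPLE = '''p1 = [NSPredicate predicateWithFormat:@"foo == %d"];
p2 = [NSPredicate predicateWithFormat:@"%K == %@", key, [obj valueFor:@"a,b"]];
p3 = [NSPredicate predicateWithFormat:@"pct LIKE '100%%' AND n > %d", n];
p4 = [NSPredicate predicateWithFormat:@"%K IN %@", key];
'''
print(find_mismatches(SAMPLE))
```

Format strings built at run time or passed through a variable are not seen by this check and need manual review.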