Am Montag, den 16.05.2016, 10:16 +0000 schrieb Gianfranco Costamagna: > Hi Gert! > > > > > I think, since in this case the (empty) format string passed to the > > printf call is not user generated there is no security problem to > > be exploited. > > yes, sure, but disabling this flag has a nasty side-effect, it is > disabled in the *whole* build, possibly > hiding more serious issues somewhere else.
Of course, that's why I gave the #pragma based disabling that can be fitted tightly to the offending code. Best, Gert
