On 12/09/2013 03:33 PM, Przemek Klosowski wrote:
On 12/06/2013 09:21 AM, Ralf Corsepius wrote:
printf(string) is legitimate C, forcing "printf("%s", string) is just
silly.
My apologies for being repetitive, but the original point is that
printf(string) is insecure unless you can guarantee that you control
'string' now and forever. Also, %s is the format for printing
strings, so I just can't agree that coding printf("%s", string) is silly.
Silly is not the right word. printf("%s", string) is inefficient. In
this case, it would be better to use puts/fputs.
--
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
