On Fri, Sep 25, 2015 at 10:41 AM, Rasmus Villemoes wrote:
> If we meet any invalid or unsupported format specifier, 'handling' it
> by just printing it as a literal string is not safe: Presumably the
> format string and the arguments passed gcc's type checking, but that
> means something like
On Mon, Sep 28 2015, Andy Shevchenko wrote:
>> /*
>> - * Since %n poses a greater security risk than
>> utility, treat
>> - * it as an invalid format specifier. Warn about its
>> use so
>> - * that new instances don't get added.
>> +
On Fri, 2015-09-25 at 19:41 +0200, Rasmus Villemoes wrote:
> If we meet any invalid or unsupported format specifier, 'handling' it
> by just printing it as a literal string is not safe: Presumably the
> format string and the arguments passed gcc's type checking, but that
> means something like
On Mon, Sep 28 2015, Andy Shevchenko wrote:
>> /*
>> - * Since %n poses a greater security risk than
>> utility, treat
>> - * it as an invalid format specifier. Warn about its
>> use so
>> - * that new
If we meet any invalid or unsupported format specifier, 'handling' it
by just printing it as a literal string is not safe: Presumably the
format string and the arguments passed gcc's type checking, but that
means something like sprintf(buf, "%n %pd", , dentry) would end
up interpreting as a