[Mesa-dev] [PATCH mesa-demos 1/6] es1_info: convert indentString into a literal string
Paulo Zanoni
pzanoni at mandriva.com
Thu Jan 6 08:09:26 PST 2011
This fixes compilation with "-Wformat -Werror=format-security". Some
distros like Mandriva enable this flag by default. Its purpose is to
improve security.
Another option for this patch would be to do
"printf("%s", indentString)", but converting indentString into a literal
also gives the compiler some hints to improve performance.
Signed-off-by: Paulo Zanoni <pzanoni at mandriva.com>
---
By the way, combining this patch with a "printf("%s", indentString)" would
make the code even safer. The last patch of this series does this change, so
you can choose to apply it or not.
Using "printf(string);" is dangerous, might lead to bugs and even
security issues. If the string being printed contains the "%" character
one can do really dangerous things. Even if you think the string in
question might not be dangerous, future code changes might lead that
piece of code to bugs or security holes.
Some references:
http://wiki.mandriva.com/en/Development/Packaging/Problems#format_not_a_string_literal_and_no_format_arguments
http://wiki.debian.org/Hardening#DEBBUILDHARDENINGFORMAT.28gcc.2BAC8-g.2B-.2B--Wformat-Wformat-security.29
http://en.wikipedia.org/wiki/Format_string_attack
See also "How To Write Shared Libraries" Section 2.4.1, written by Ulrich
Drepper for more information on the difference between 'char *foo = "bar"'
and 'char foo[] = "bar"'
src/egl/opengles1/es1_info.c | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/src/egl/opengles1/es1_info.c b/src/egl/opengles1/es1_info.c
index 93816b5..38becc5 100644
--- a/src/egl/opengles1/es1_info.c
+++ b/src/egl/opengles1/es1_info.c
@@ -29,7 +29,7 @@
static void
print_extension_list(const char *ext)
{
- const char *indentString = " ";
+ const char indentString[] = " ";
const int indent = 4;
const int max = 79;
int width, i, j;
--
1.7.1
More information about the mesa-dev
mailing list