HTCondor Project List Archives

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Condor-devel] Replace sprintf overloads with formatstr

Date: Mon, 20 Aug 2012 22:25:35 -0400 (EDT)
From: Tim St Clair <tstclair@xxxxxxxxxx>
Subject: Re: [Condor-devel] Replace sprintf overloads with formatstr

I'll Shepard them in.  

----- Original Message -----
> From: "Brian Bockelman" <bbockelm@xxxxxxxxxxx>
> To: "Florian Weimer" <fweimer@xxxxxxxxxx>
> Cc: "condor-devel" <condor-devel@xxxxxxxxxxx>
> Sent: Monday, August 20, 2012 8:23:09 PM
> Subject: Re: [Condor-devel] Replace sprintf overloads with formatstr
> 
> Hi folks,
> 
> Can we give these patches some love?  Is there a bug opened for them?
>  I found myself hitting the precise case Florian was talking about
> (debugging how the heck we don't have an overflow in a sprintf
> callsite, only to find it was the "special" sprintf).
> 
> Florian - Can you also share the clang plugin?  Another of the
> projects I work on has started to write clang static analyzers, and
> I need to brush up on my skills.
> 
> Brian
> 
> On Aug 3, 2012, at 8:41 AM, Florian Weimer <fweimer@xxxxxxxxxx>
> wrote:
> 
> > The attached patches (against master) replace calls to the global
> > sprintf overloads with calls to new formatstr functions.
> >  Similarly, MyString::[v]sprintf is renamed to
> > MyString::[v]formatstr.
> > 
> > The idea is that sprintf (as an unsafe C API) stands out better
> > after these changes, simplifying code review and encouraging
> > migration to formatstr or snprintf.
> > 
> > The patches are mostly auto-generated, using a Clang plug-in which
> > examines the AST to tell the different sprintf implementations
> > apart.  I may have missed Windows-specific code and code under
> > #ifdef, so it is probably best not to apply the removal patches
> > yet.
> > 
> > I can regenerate the patches for other branches and change
> > "formatstr" to some other identifier if you want me to.
> > 
> > --
> > Florian Weimer / Red Hat Product Security Team
> > <0004-Add-formatstr-and-vformatstr-functions.patch><0005-Replace-calls-to-global-sprintf-overloads-with-forma.patch><0006-Remove-global-sprintf-overloads.patch><0007-Introduce-MyString-formatstr-and-MyString-vformatstr.patch><0008-Replace-calls-to-MyString-v-sprintf-with-MyString-v-.patch><0009-Remove-sprintf-and-vsprintf-methods-from-MyString.patch>_______________________________________________
> > Condor-devel mailing list
> > Condor-devel@xxxxxxxxxxx
> > https://lists.cs.wisc.edu/mailman/listinfo/condor-devel
> 
> 
> _______________________________________________
> Condor-devel mailing list
> Condor-devel@xxxxxxxxxxx
> https://lists.cs.wisc.edu/mailman/listinfo/condor-devel

References:
- Re: [Condor-devel] Replace sprintf overloads with formatstr
  - From: Brian Bockelman

Prev by Date: Re: [Condor-devel] Replace sprintf overloads with formatstr
Previous by thread: Re: [Condor-devel] Replace sprintf overloads with formatstr
Next by thread: [Condor-devel] Branches to bag-n-tag
Index(es):
- Date
- Thread