[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH v2 for-4.7 10/14] libxl: add the printf-like attributes to a couple of functions

To: Wei Liu <wei.liu2@xxxxxxxxxx>, Roger Pau Monne <roger.pau@xxxxxxxxxx>
From: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
Date: Tue, 26 Apr 2016 16:30:36 +0100
Cc: xen-devel@xxxxxxxxxxxxxxxxxxxx, Ian Jackson <ian.jackson@xxxxxxxxxxxxx>
Delivery-date: Tue, 26 Apr 2016 15:30:49 +0000
List-id: Xen developer discussion <xen-devel.lists.xen.org>

On 26/04/16 16:29, Wei Liu wrote:
> On Tue, Apr 26, 2016 at 04:52:19PM +0200, Roger Pau Monne wrote:
> [...]
>> @@ -1995,9 +1995,10 @@ _hidden libxl__json_object 
>> *libxl__json_parse(libxl__gc *gc_opt, const char *s);
>>  _hidden int libxl__device_model_version_running(libxl__gc *gc, uint32_t 
>> domid);
>>    /* Return the system-wide default device model */
>>  _hidden libxl_device_model_version libxl__default_device_model(libxl__gc 
>> *gc);
>> -_hidden char *libxl__device_model_xs_path(libxl__gc *gc, uint32_t dm_domid,
>> -                                          uint32_t domid,
>> -                                          const char *format, ...) 
>> PRINTF_ATTRIBUTE(4, 5);
> Why does this not work with clang?

It is a security consideration.

Passing anything other than a string literal to a printf-style function
is opening a can of worms if an untrusted entity can influence the
content of the string.

I guess clang is better at spotting parameters passed like this than GCC.

~Andrew

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel

Follow-Ups:
- Re: [Xen-devel] [PATCH v2 for-4.7 10/14] libxl: add the printf-like attributes to a couple of functions
  - From: Wei Liu

References:
- [Xen-devel] [PATCH v2 for-4.7 00/14] Fixes for compiling with clang
  - From: Roger Pau Monne
- [Xen-devel] [PATCH v2 for-4.7 10/14] libxl: add the printf-like attributes to a couple of functions
  - From: Roger Pau Monne
- Re: [Xen-devel] [PATCH v2 for-4.7 10/14] libxl: add the printf-like attributes to a couple of functions
  - From: Wei Liu

Prev by Date: Re: [Xen-devel] [PATCH V5] vm_event: Allow subscribing to write events for specific MSR-s
Next by Date: Re: [Xen-devel] [PATCH v9 13/27] x86/xen_hello_world.xsplice: Test payload for patching 'xen_extra_version'.
Previous by thread: Re: [Xen-devel] [PATCH v2 for-4.7 10/14] libxl: add the printf-like attributes to a couple of functions
Next by thread: Re: [Xen-devel] [PATCH v2 for-4.7 10/14] libxl: add the printf-like attributes to a couple of functions
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.