Bugtraq mailing list archives

Re: StackGuard with ... Re: [Paper] Format bugs.


From: Casper Dik <Casper.Dik () HOLLAND SUN COM>
Date: Mon, 24 Jul 2000 21:50:35 +0200

The first thing to do is turn on the damn compiler warnings, because more
and more compilers actually do check printf-like parameters for you. GNU C
does this, as do numerous commercial compilers:

        $ cat test.c
        #include <stdio.h>

        int main(void)
        {
                printf("i = %d\n");             <--- missing parameter!
        }


And, e.g., Sun lint supports this too:


cat x.c
#include <stdio.h>
/* PRINTFLIKE1 */
extern setproctitle(const char *fmt, ...);


int main(int argc, char *argv[])
{
     printf("i = %d\n");
     setproctitle("%s");
     setproctitle(argv[0]);

}
% lint x.c
(12) warning: Function has no return statement : main

argument unused in function
    (6) argc in main

function falls off bottom without returning value
    (12) main

function returns value which is always ignored
    printf

too few arguments for format
    printf              x.c(8)
    setproctitle        x.c(9)



(Not setproctitle in Solaris, just an example of how
to declare such a function)

Of course, this shows a weakness too.  Standard broken usage
such as "*printf(s)" doesn't get flagged..


Casper
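
The same annotation for GCC or Clang, as an added example that is not part of the original message: the `format` attribute plays the role of lint's PRINTFLIKE1, and `-Wformat-security` reports the `printf(s)` pattern the message says goes unflagged. `set_title`, `title_from_input`, `current_title` and the buffer are hypothetical names.

```c
/* Added illustration, not code from the post. set_title() and its buffer
 * are hypothetical stand-ins for a setproctitle()-style function.
 * Build: gcc -Wall -Wformat=2 title.c   (add -DSHOW_BROKEN for the warning) */
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

static char title[64];                 /* hypothetical title buffer */

/* GCC/Clang counterpart of lint's PRINTFLIKE1: argument 1 is the format,
 * the checked variadic arguments start at argument 2. */
#if defined(__GNUC__)
__attribute__((format(printf, 1, 2)))
#endif
int set_title(const char *fmt, ...)
{
    va_list ap;
    int n;

    va_start(ap, fmt);
    n = vsnprintf(title, sizeof title, fmt, ap);
    va_end(ap);
    return n;
}

const char *current_title(void) { return title; }

#ifdef SHOW_BROKEN
/* The "*printf(s)" pattern: caller data used as the format string.
 * GCC's -Wformat-security (part of -Wformat=2) reports it as
 * "format not a string literal and no format arguments". */
int title_from_input_broken(const char *s) { return set_title(s); }
#endif

/* Corrected form: constant format, untrusted data only as an argument. */
int title_from_input(const char *s) { return set_title("%s", s); }

int main(void)
{
    const char *sample = "job %d%% done";   /* constructed input */

    title_from_input(sample);
    printf("[%s]\n", current_title());
    /* exit status 0 means the directives were stored as literal text */
    return strcmp(current_title(), sample) != 0;
}
```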

