Date: Mon, 2 Apr 2012 15:34:30 +0100
From: "Daniel P. Berrange"
Message-ID: <20120402143430.GI19259@redhat.com>
References: <1333363816-1691-1-git-send-email-berrange@redhat.com> <1333363816-1691-9-git-send-email-berrange@redhat.com> <20120402121736.GC19259@redhat.com> <20120402142211.GH19259@redhat.com>
Subject: Re: [Qemu-devel] [PATCH 8/9] Add more format string warning flags
To: Peter Maydell
Cc: qemu-devel@nongnu.org

On Mon, Apr 02, 2012 at 03:32:51PM +0100, Peter Maydell wrote:
> On 2 April 2012 15:22, Daniel P. Berrange wrote:
> > The -Wformat-security option can only catch problems if the format
> > string is a literal, e.g. it'd miss this:
> >
> >  void foo(void) {
> >      int notastring = 1;
> >      const char *format = "String is %s";
> >
> >      printf(format, notastring);
> >  }
> >
> > There are a handful of places in QEMU which do that with non-trivial
> > format strings & were easy to fix in this patch, which I think is a
> > worthwhile improvement. The cases in the *-user/strace.c file though
> > are not practical to fix, without significant re-design of the code
> > in question.
>
> To be honest I couldn't tell from your patch whether you'd actually
> fixed any bugs or if you were just moving things around to turn non
> literals into literals.

There were no actual bugs fixed - it was just the change you describe
from non-literal to literal - to protect against future possible bugs.

> (Some of the cleanup looks like a good idea anyway, eg the vnc bits.)

Yep, I don't know why I didn't write that VNC code this way in the
first place now :-)

Daniel
-- 
|: http://berrange.com      -o-    http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org              -o-             http://virt-manager.org :|
|: http://autobuild.org       -o-         http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org       -o-       http://live.gnome.org/gtk-vnc :|
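As an added example (not code from the patch or from QEMU), a C sketch of the distinction the mail draws: a vsnprintf wrapper marked with GCC's format attribute so that literal formats at its call sites are checked, beside a variable-format path that -Wformat-security stays silent on and only -Wformat-nonliteral can flag. The names PRINTF_LIKE, fmt_into, describe_nonliteral and describe_literal are hypothetical, and the code assumes GCC or Clang.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Assumes GCC or Clang: the attribute makes the compiler check format and
 * arguments at every call site of the wrapper, as it does for printf. */
#define PRINTF_LIKE(f, a) __attribute__((format(printf, f, a)))

/* Thin vsnprintf wrapper (hypothetical name) carrying the attribute. */
PRINTF_LIKE(3, 4)
static int fmt_into(char *buf, size_t n, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int r = vsnprintf(buf, n, fmt, ap);
    va_end(ap);
    return r;
}

/* Uncheckable pattern from the mail: the format arrives in a variable, so a
 * "%s" paired with an int surfaces only at run time; only -Wformat-nonliteral warns. */
static int describe_nonliteral(char *buf, size_t n, const char *fmt, int value)
{
    return fmt_into(buf, n, fmt, value);
}

/* Literal form the patch moves code towards: the compiler sees each format
 * at the call site and verifies it against its arguments. */
static int describe_literal(char *buf, size_t n, int kind, int value)
{
    switch (kind) {
    case 0:  return fmt_into(buf, n, "Value is %d", value);
    case 1:  return fmt_into(buf, n, "Value is 0x%x", (unsigned)value);
    default: return fmt_into(buf, n, "Unknown kind %d (value %d)", kind, value);
    }
}

/* Test helpers: 1 when the formatted text equals `expected`, else 0. */
static int literal_matches(int kind, int value, const char *expected)
{
    char buf[64];
    describe_literal(buf, sizeof buf, kind, value);
    return strcmp(buf, expected) == 0;
}
static int nonliteral_matches(const char *fmt, int value, const char *expected)
{
    char buf[64];
    describe_nonliteral(buf, sizeof buf, fmt, value);
    return strcmp(buf, expected) == 0;
}
```

Compiling with `-Wall -Wformat-security` accepts both paths; adding `-Wformat-nonliteral` reports the variable format in describe_nonliteral while leaving describe_literal clean.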