Re: [PATCH v2 for-4.7 10/14] libxl: add the printf-like attributes to a couple of functions

[Wei Liu <wei.liu2@citrix.com>]

On Tue, Apr 26, 2016 at 04:30:36PM +0100, Andrew Cooper wrote:
> On 26/04/16 16:29, Wei Liu wrote:
> > On Tue, Apr 26, 2016 at 04:52:19PM +0200, Roger Pau Monne wrote:
> > [...]
> >> @@ -1995,9 +1995,10 @@ _hidden libxl__json_object *libxl__json_parse(libxl__gc *gc_opt, const char *s);
> >>  _hidden int libxl__device_model_version_running(libxl__gc *gc, uint32_t domid);
> >>    /* Return the system-wide default device model */
> >>  _hidden libxl_device_model_version libxl__default_device_model(libxl__gc *gc);
> >> -_hidden char *libxl__device_model_xs_path(libxl__gc *gc, uint32_t dm_domid,
> >> -                                          uint32_t domid,
> >> -                                          const char *format, ...) PRINTF_ATTRIBUTE(4, 5);
> > Why does this not work with clang?
> 
> It is a security consideration.
> 
> Passing anything other than a string literal to a printf-style function
> is opening a can of worms if an untrusted entity can influence the
> content of the string.
> 

I see. I didn't look closely into the function body.

> I guess clang is better at spotting parameters passed like this than GCC.
> 

Sigh. I can't say I like turning that into a macro though. On the other
hand there doesn't seem to be an elegant way of solving that.

Roger, please at least make it look like a macro. Say, name it
DEVICE_MODEL_XS_PATH or something.

Wei.

> ~Andrew

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel