lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Thu, 11 Apr 2019 10:41:09 -0700
From:   Nick Desaulniers <ndesaulniers@...gle.com>
To:     Linus Torvalds <torvalds@...ux-foundation.org>
Cc:     Joe Perches <joe@...ches.com>, Louis Taylor <louis@...gniz.eu>,
        David Howells <dhowells@...hat.com>,
        linux-afs@...ts.infradead.org,
        Linux List Kernel Mailing <linux-kernel@...r.kernel.org>,
        clang-built-linux@...glegroups.com
Subject: Re: [PATCH] afs: use correct format characters

On Thu, Apr 11, 2019 at 9:31 AM Linus Torvalds
<torvalds@...ux-foundation.org> wrote:
>
> On Wed, Apr 10, 2019 at 4:01 PM Joe Perches <joe@...ches.com> wrote:
> >
> > I really think this clang message should be ignored.
>
> Agreed.
>
> > It's really unnecessary as every vararg argument smaller
> > than int size is already promoted to int.
>
> Exactly. It's a pointless warning, making for more complex code, and
> making people remember esoteric printf format details that have no
> reason for existing.
>
> The "h" and "hh" things should never be used. The only reason for them
> being used if if you have an "int", but you want to print it out as a
> "char" (and honestly, that is a really bad reason, you'd be better off
> just using a proper cast to make the code more obvious).
>
> So if what you have a "char" (or unsigned char) you should always just
> print it out as an "int", knowing that the compiler already did the
> proper type conversion.
>
>                              Linus

https://bugs.llvm.org/show_bug.cgi?id=41467

I still think -Wformat helpful for catching completely nonsensical
format strings like printing a floating point type as an integral
type, or not having the correct number of arguments for the number of
format strings.  We'll take a look to see if we can differentiate
between those and these "integer widening" ones better.
-- 
Thanks,
~Nick Desaulniers

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ