Ethereal-dev: Re: [Ethereal-dev] [Coverity] Possible Format String Vulnerabilites

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Guy Harris <gharris@xxxxxxxxx>
Date: Wed, 16 Mar 2005 18:52:03 -0800
Gerald Combs wrote:

BTW, is there any way to check for this sort of thing at compile time?
proto_tree_add_text() should arguably have at least 6 arguments no
matter what.

	proto_tree_add_text(tree, tvb, offset, padbytes, "Padding");

Unfortunately, given that the above, just like

	printf("Hello, sailor!\n");

is valid, GCC's printf-checker won't complain about either of those.

Perhaps there's a way to get it to warn about non-constant format arguments - but as those are valid, too, either that'd have to require a special compiler option or there'd have to be some other way of suppressing it.