https://gcc.gnu.org/bugzilla/show_bug.cgi?id=83520
Eric Gallager <egallager at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |egallager at gcc dot gnu.org
--- Comment #4 from Eric Gallager <egallager at gcc dot gnu.org> ---
(In reply to Touma Hatano from comment #3)
> Sorry for misleading.
> My point was that if we can replace
> snprintf (program_name, sizeof (program_name), program_invocation_name);
> with
> snprintf (program_name, sizeof (program_name), "%s",
> program_invocation_name);
> , the program won't crash when program_invocation_name contains format
> specifiers.
>
> How do you think?
Shouldn't -Wformat-security catch this? If it doesn't, that's a bug, IMO...
