Olivier Hainque <[EMAIL PROTECTED]> writes: > genmodes.c uses the %n capabilities of printf to compute the width of > pieces it outputs. This causes troubles on Windows Vista, because ... > > << Because of security reasons, support for the %n format specifier is > disabled by default in printf and all its variants. ... the default > behavior is to invoke the invalid parameter handler ... > >> > [http://msdn2.microsoft.com/en-us/library/ms175782%28VS.80%29.aspx] > > It seems to me that we could replace the uses of %n by uses of printf > return values. I'm not clear whether this would be considered portable > enough, however.
What is the security issue here? I'm not seeing it. Are they concerned that attackers will modify the print control string somehow? We've decided that gcc will require an ISO C90 compiler to build. And the behaviour of %n is clearly specified in ISO C90. Actually, it's not quite as clearcut as that, since we haven't necessarily committed to an ISO C90 C library. At least, we still have supporting functions in libiberty which are not required if we can assume an ISO C90 C library. This deficiency is presumably only going to arise for a mingw hosted gcc. Would it be possible for the mingw startup file to call _set_printf_count_output? Perhaps under the control of a command line option at link time? Or, if we think that other systems are likely to also start disabling %n by default, then it would make sense for us to change the code. It would be easy to replace it with strlen calls, or, as you suggest, by checking the return value of printf. The return value of printf is portable (unlike the return value of sprintf). Ian
