Ian Lance Taylor wrote: > What is the security issue here? I'm not seeing it. Are they > concerned that attackers will modify the print control string somehow?
I don't know. We simply have observed bootstrap problems during preliminary experiments on Vista, found them to be caused by uninitialized values of "count_" in genmodes and traced this to the %n issue. We have been using a patch almost identical to what Paolo posted, and and I raised the question on gcc@ to see whether this approach was considered correct before performing a formal test-cycle and submission to gcc-patches. [...] > This deficiency is presumably only going to arise for a mingw hosted > gcc. Would it be possible for the mingw startup file to call > _set_printf_count_output? Perhaps under the control of a command line > option at link time? Maybe, I don't know either. The printf-return-value solution just looked straightforward, so that's the first option which came to mind, moderated by the potential portability question. > The return value of printf is portable (unlike the return value of > sprintf). OK, I see Paolo has committed a change along those lines already. Thanks much for your feedback, Olivier
