On 08/17/2012 09:15 PM, Gabriel Dos Reis wrote:
Hmm, I think it help a little bit if you could expand on where exactly
the danger the patch is trying to prevent is, and where what
does "unbound parameter" refer to or mean? (I don't know what
an unbound parameter is)
Sorry for being unclear.
On Fri, Aug 17, 2012 at 11:22 AM, Florian Weimer wrote:
> In some real-world code, I noticed a curious pattern: using the unsafe
> string functions on function parameter arguments. This leads to
> gets()-style unsafe APIs.
>
> I've looked at how to implement a warning for this, and came up with t
In some real-world code, I noticed a curious pattern: using the unsafe
string functions on function parameter arguments. This leads to
gets()-style unsafe APIs.
I've looked at how to implement a warning for this, and came up with the
attached patch. Do you think this makes sense?
1 #
