On 03/15/2010 12:50 AM, Vladimir Prus wrote:
On Sunday 14 March 2010 23:37:06 Scott McMurray wrote:
On 14 March 2010 15:21, Tom Brinkman<reportbase2007@gmail.com> wrote:
The printf style parameters is responsible for thousands and thousands of security vulnerabilities.
Just plain wrong.
Some evidence for your position would be good, since it's trivial to find documentation of holes from printf-style parameters: http://en.wikipedia.org/wiki/Format_string_attack
I don't think that's hole from printf-style parameters. By reading that page it's trivial to notice that it's the %n format specifier -- which actually writes something into program -- is the key component of attack. Clearly a printf-like function that does not support any way to modify program state is safe. Am I missing something?
You do understand that the use of ellipsis is error-prone, even if it doesn't lead to program modification, do you? It is common knowledge that sprintf-like functions are often misused, which results in buffer overruns or incorrect arguments being passed. In C++, the problem of accidental passing of non-POD typed arguments is added.