Re: mass bug filing for undefined sn?printf use
Kees Cook wrote:
> On Sun, Dec 28, 2008 at 03:10:37PM +0100, Thomas Viehmann wrote:
>> How about either matching stuff against the build logs or recompiling
> I didn't have the resources to do this, but it's be great if someone could.
If you have the means of recompiling, say with pbuilder, that should
give you logs to look at.
>> with a compiler that actually fails when asked to compile a file that
>> matches? That would seem to have potential for reducing the number of
>> false positives.
> I'd really love that too -- I just don't know how to modify the compiler to
> do it. :)
You could try to use a wrapper for the various gcc binaries that greps
through the *.c?? it is passed with your regexp, logging the matches and
then calling the real binary. But then maybe I just don't have a clue
how to do it better.
It'll still have false positives from the regexp itself, but you'll
exclude code that isn't used.
Thomas Viehmann, http://thomas.viehmann.net/