[collectd] Poisoning sprintf (was: 4.5.0 on solaris with gcc and the postgresql plugin)

Florian Forster octo at verplant.org
Thu Oct 16 10:27:17 CEST 2008


On Tue, Oct 14, 2008 at 02:47:17PM +1030, Admin wrote:
> /usr/include/sys/strft.h:112:4: attempt to use poisoned "sprintf"
> /usr/include/sys/strft.h:114:4: attempt to use poisoned "sprintf"

since various people have stumbled around this, I'll probably take the
`poisoning' out again with the next release. It'd be nice to have to
prevent new plugin authors from accidentally using insecure functions,
but as it's implemented it's not really usable.

The problem is that ``poisoned'' functions may not even be used to
define macros. So the following will give an error:
  #pragma GCC poison sprintf
  #define FOO(val, buf) sprintf (buf, "%i", val)

The pragma would be *much* more useful if it would catch direct or
indirect *uses* of `FOO' instead of complaining about the *definition*
of the macro.. As it is, I think it's doing more harm than good :/

> The postgresql plugin is missing a couple of PQclear() calls

I've applied that patch, thanks :)

Florian octo Forster
Hacker in training
GnuPG: 0x91523C3D
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://mailman.verplant.org/pipermail/collectd/attachments/20081016/9a2418ff/attachment.pgp 

More information about the collectd mailing list