Hacker News new | past | comments | ask | show | jobs | submit login

for static specifiers, I can see that. but for dynamically constructed format specifiers, especially where arrays to pointers/vargs are in use, is it possible to have a mitigation for that?

this pseudo-code as an example:

snprintf(fmt,userinputstring,args); printf(fmt,somearray);




Your suspicion is correct, the checks only work when the format string is a literal.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: