[Debian-med-packaging] Trying to disable error=format-security for clapack

Gert Wollny gw.fossdev at gmail.com
Mon May 16 10:21:06 UTC 2016


On Monday, 16.05.2016, at 10:16 +0000, Gianfranco Costamagna wrote:
> Hi Gert!
> 
> > 
> > I think, since in this case the (empty) format string passed to the
> > printf call is not user generated, there is no security problem to
> > be exploited.
> 
> yes, sure, but disabling this flag has a nasty side-effect: it is
> disabled in the *whole* build, possibly hiding more serious issues
> somewhere else.

Of course, that's why I gave the #pragma-based disabling that can be
fitted tightly to the offending code.

Best, 
Gert 
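
Added example, not part of the original message and not clapack's code: a sketch of scoped suppression with GCC's diagnostic pragmas, so that -Wformat-security stays active for the rest of the build. The function names and the `empty_fmt` variable are constructed stand-ins for the offending call.

```c
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for the offending code: the format string is fixed
   and empty, but it is not a string literal, so -Wformat-security reports
   "format not a string literal and no format arguments". */
static const char *empty_fmt = "";

/* Suppress the diagnostic for this one function only. push saves the
   current diagnostic state and pop restores it, so -Werror=format-security
   still applies to every other function in the translation unit. */
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wformat-security"
int emit_fixed_format(char *buf, size_t len)
{
    /* Safe only because empty_fmt is never derived from external input. */
    return snprintf(buf, len, empty_fmt);
}
#pragma GCC diagnostic pop

/* Outside the push/pop region the check is live again. Data that may come
   from elsewhere is passed as an argument to a literal "%s", never as the
   format itself, so conversion specifiers in it are copied verbatim. */
int emit_untrusted(char *buf, size_t len, const char *data)
{
    return snprintf(buf, len, "%s", data);
}

int main(void)
{
    char buf[32];

    emit_fixed_format(buf, sizeof buf);
    printf("fixed format wrote %zu bytes\n", strlen(buf));

    emit_untrusted(buf, sizeof buf, "%n%s%x");   /* constructed input */
    printf("untrusted data copied as: %s\n", buf);
    return 0;
}
```

Where the source can be patched, replacing the non-literal format with a literal one removes the need for the pragma altogether.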




