[Debian-med-packaging] Trying to disable error=format-security for clapack
Gert Wollny
gw.fossdev at gmail.com
Mon May 16 10:21:06 UTC 2016
On Monday, 16.05.2016, at 10:16 +0000, Gianfranco Costamagna wrote:
> Hi Gert!
>
> >
> > I think, since in this case the (empty) format string passed to the
> > printf call is not user generated there is no security problem to
> > be exploited.
>
> yes, sure, but disabling this flag has a nasty side-effect, it is
> disabled in the *whole* build, possibly
> hiding more serious issues somewhere else.
Of course, that's why I gave the #pragma based disabling that can be
fitted tightly to the offending code.
Best,
Gert
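
The scoped suppression discussed in this message, next to the alternative of giving the call a constant format, as an added example that is not part of the original thread or of the clapack sources. The variable `banner` and the `emit_*` functions are hypothetical stand-ins for the offending call, and `snprintf` is used in place of `printf` so the result can be checked.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for the flagged code: a non-literal format string
 * with no arguments. Here it is empty and never user-controlled. */
static const char *banner = "";

/* Option 1: silence -Wformat-security for this one call only. The push/pop
 * pair restores the diagnostic, so the rest of the build keeps the check. */
int emit_banner_pragma(char *out, size_t n)
{
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wformat-security"
    int r = snprintf(out, n, banner);
#pragma GCC diagnostic pop
    return r;
}

/* Option 2: pass a constant format and the string as data. Nothing is
 * flagged, so nothing has to be suppressed. */
int emit_banner_fixed(char *out, size_t n)
{
    return snprintf(out, n, "%s", banner);
}

/* Same pattern for arbitrary text: conversion characters in the data are
 * copied verbatim instead of being interpreted as a format. */
int emit_text_fixed(char *out, size_t n, const char *text)
{
    return snprintf(out, n, "%s", text);
}

int main(void)
{
    char buf[16];
    printf("pragma: %d\n", emit_banner_pragma(buf, sizeof buf));
    printf("fixed:  %d\n", emit_banner_fixed(buf, sizeof buf));
    printf("text:   %d (%s)\n",
           emit_text_fixed(buf, sizeof buf, "100%d"), buf);
    return 0;
}
```

Building with `-Wformat -Werror=format-security` shows that only code outside the push/pop region is still subject to the check.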