Date: Tue, 14 Feb 2017 11:07:39 -0800
From: Kees Cook <>
To: Laura Abbott <>
Cc: "" <>
Subject: Re: Format string gcc-plugin?

On Tue, Feb 14, 2017 at 10:01 AM, Laura Abbott <> wrote:
> Hi,
> The recent discussions about %pk led me to start playing around
> with writing a gcc plugin (notes about writing a gcc plugin are
> forthcoming). My idea was to expand checking of the kernel's additional
> formats (%pK, %pR etc.) or possibly even change the format
> strings. The big issue is that most of vsprintf.c would end up
> in the plugin which would be ugly to maintain. This concept could
> be used for some of the problems with kernel pointer leaks
> but I'm interested if anyone else has thoughts or ideas about
> how better to do this (or even not to do this).

If we can leverage common code between the plugin and vsprintf.c, it
should be doable. I haven't looked at processing format strings at
all, though I assume the plugin would need to check the
__printf-generated attributes.

In my related notes was a hint that looking at how gcc does it
normally is gcc/c-family/c-format.c:

And while not strictly part of format type checking, I talked a bit
about dealing with const strings here:


Kees Cook
Pixel Security
