I don’t think it’s worth the effort to extend that to look for tainted strings, not because it wouldn’t be useful, but because it would be hard to do (as an extreme example: is data read from a file user input? It could be a file containing internationalization info).
The (relatively) few programs that construct format strings on the fly will have to add pragmas to disable these warnings.
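An added example, not part of the original comment: one way a program that loads its format string at run time (for instance from a translation file) can vet it before silencing the compiler warning with a pragma. It assumes the warning in question is GCC/Clang's `-Wformat-nonliteral`; `format_matches` and `render_count` are hypothetical names, and the sample strings are constructed.

```c
#include <stdio.h>
#include <string.h>

/* Return 1 only if fmt holds exactly the conversions listed in `expected`,
 * in order (e.g. "sd" means one %s followed by one %d). Flags, widths,
 * length modifiers, positional arguments and %n are all rejected, so the
 * string cannot read or write arguments the caller did not pass. */
static int format_matches(const char *fmt, const char *expected)
{
    for (; *fmt; fmt++) {
        if (*fmt != '%')
            continue;
        fmt++;
        if (*fmt == '%')
            continue;                 /* "%%" is a literal percent sign */
        if (*expected == '\0' || *fmt != *expected)
            return 0;                 /* extra, reordered or unknown conversion */
        expected++;
    }
    return *expected == '\0';         /* every expected conversion was seen */
}

/* Format "<name> ... <count>" with a run-time format string.
 * Returns the snprintf result, or -1 if the format was rejected. */
static int render_count(char *out, size_t outsz, const char *fmt,
                        const char *name, int count)
{
    if (!format_matches(fmt, "sd"))
        return -1;
    /* The compiler cannot check a non-literal format, so the warning is
     * disabled for this one call only, after the check above. */
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wformat-nonliteral"
    int n = snprintf(out, outsz, fmt, name, count);
#pragma GCC diagnostic pop
    return n;
}

int main(void)
{
    char buf[64];
    /* Constructed samples: a plausible translated string and a hostile one. */
    if (render_count(buf, sizeof buf, "%s: %d Dateien", "home", 3) >= 0)
        puts(buf);
    if (render_count(buf, sizeof buf, "%s%s%s%n", "home", 3) < 0)
        puts("rejected format string");
    return 0;
}
```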