[cfe-dev] format security warning
Morrell, Michael
michael.morrell at intel.com
Thu Jun 5 15:14:36 PDT 2014
David,
Thanks. You have a good point, but even though my pointer is non-const and could be changed, couldn’t the compiler see that it isn’t changed between the assignment and the printf call and still suppress the warning?
Michael
On Jun 5, 2014, at 3:07 PM, David Blaikie <dblaikie at gmail.com> wrote:
> On Thu, Jun 5, 2014 at 2:55 PM, Morrell, Michael
> <michael.morrell at intel.com> wrote:
>> When -Wformat-security is enabled, I get a warning for:
>>
>> void foo(const char *x)
>> {
>>     printf(x);
>> }
>>
>> which I expect since the format string isn’t a string literal, but I also get it for:
>>
>> static const char *fmt = "hello\n";
>>
>> printf(fmt);
>>
>> Granted the format string still isn’t a literal, but it is a known compile-time value and I don’t think I should get the warning for this case.
>
> Except it isn't... it's a non-const pointer to const data. If you make
> it "static const char *const fmt", then the warning goes away.
>
>>
>> Is this a bug or intentional?
>>
>> Michael
>> _______________________________________________
>> cfe-dev mailing list
>> cfe-dev at cs.uiuc.edu
>> http://lists.cs.uiuc.edu/mailman/listinfo/cfe-dev
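
The distinction discussed in this thread, as an added example (not code from either poster or from Clang): a non-const pointer can be retargeted at run time, so the string it held at initialization is not guaranteed to be the format that reaches the call. `set_greeting`, the `render_*` helpers and the sample string are hypothetical names constructed for illustration; build with `-Wformat -Wformat-security` to see the diagnostic on `render_mutable` only.

```c
#include <stdio.h>
#include <string.h>

/* Keep this diagnostic a warning even in -Werror builds, so the file compiles. */
#pragma GCC diagnostic warning "-Wformat-security"

/* The thread's case: the data is const, the pointer itself is not. */
static const char *fmt_mutable = "hello\n";
/* David's suggestion: pointer and data are both const. */
static const char *const fmt_fixed = "hello\n";

/* Hypothetical setter: any code in this file may retarget fmt_mutable;
   the same assignment to fmt_fixed would be a compile error. */
void set_greeting(const char *s) { fmt_mutable = s; }

/* Warns: the format is whatever fmt_mutable points at when this runs. */
int render_mutable(char *out, size_t n) { return snprintf(out, n, fmt_mutable); }

/* No warning: the format can only ever be "hello\n". */
int render_fixed(char *out, size_t n) { return snprintf(out, n, fmt_fixed); }

/* No warning for any pointer: s is passed as data, never parsed as a format. */
int render_safe(char *out, size_t n, const char *s) { return snprintf(out, n, "%s", s); }

int main(void)
{
    char a[32], b[32];
    const char *sample = "100%% done\n";   /* constructed sample input */

    set_greeting(sample);
    render_mutable(a, sizeof a);           /* "%%" is interpreted as a format */
    render_safe(b, sizeof b, sample);      /* copied byte for byte */
    fputs(a, stdout);
    fputs(b, stdout);
    return 0;
}
```
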