<div dir="ltr"><br><div class="gmail_extra"><br><div class="gmail_quote">On Wed, Feb 17, 2016 at 1:10 PM, Craig, Ben via cfe-dev <span dir="ltr"><<a href="mailto:cfe-dev@lists.llvm.org" target="_blank">cfe-dev@lists.llvm.org</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000"><span class="">
On 2/17/2016 3:03 PM, Sean Silva via cfe-dev wrote:<br>
<blockquote type="cite">
<div dir="ltr">On Wed, Feb 17, 2016 at 5:27 AM, Aaron Ballman via
cfe-dev <span dir="ltr"><<a href="mailto:cfe-dev@lists.llvm.org" target="_blank">cfe-dev@lists.llvm.org</a>></span>
wrote:<br>
<div class="gmail_extra">
<div class="gmail_quote">
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><span>On Wed, Feb 17, 2016 at 3:48 AM, David Chisnall<br>
<<a href="mailto:David.Chisnall@cl.cam.ac.uk" target="_blank">David.Chisnall@cl.cam.ac.uk</a>>
wrote:<br>
> On 16 Feb 2016, at 21:56, Aaron Ballman via cfe-dev
<<a href="mailto:cfe-dev@lists.llvm.org" target="_blank">cfe-dev@lists.llvm.org</a>>
wrote:<br>
>><br>
>> Sorry, but printf(fmt); is *always* a true
positive in my book. Same<br>
>> with failing to return from all code paths.
(etc)<br>
><br>
> You are wrong. The most common reason for
printf(fmt) to appear is that fmt is the result of doing
a lookup of the locale-aware version of some constant
string. In this case, the contents of fmt is entirely
under the control of whoever shipped the application,
and will have been checked for format string
vulnerabilities by the localisation tools (at least,
assuming that the original that is being translated are
free from vulnerabilities). If you are not doing any
caching in the application, then you can mark the
translation function with the attribute that indicates
that its input and output have the same format string
compatibility. If you are caching, then there is no
easy way of silencing this warning.<br>
><br>
> Making this an error will cause valid and correct
code to fail to compile and will result in people simply
disabling the warning, rather than checking it.<br>
<br>
</span>If the expected string does not have any format
specifiers, then<br>
printf("%s", fmt) is definitely the correct way to write
that because<br>
the assumption "entirely under the control of whoever
shipped the<br>
application" is a poor one. If it does have format
specifiers, I agree<br>
that we should not err, but I don't believe that was on
the table.<br>
</blockquote>
<div><br>
</div>
<div>I think David is talking about a situation where it is
e.g.</div>
<div><br>
</div>
<div>printf(translate("Please enter a number from %d-%d\n"),
lo, hi);</div>
<div><br>
</div>
</div>
</div>
</div>
</blockquote>
<br></span>
Note from the original post:<span class=""><br>
"This warning complains about a printf-like format string that
is not a literal string and is used without any arguments."<br></span>
That means that 'printf(translate("Please press OK to continue"));'
would trigger this warning (rightfully). But the example you gave
would not trigger the warning, as the invocation has extra 'lo' and
'hi' arguments.</div></blockquote><div><br></div><div>Even in the case of a single argument to printf, I think an idiom like translation could apply - it would seem plausible that a translation dictionary would have strings in a consistent format, and that format would be printf-escaped text, rather than only having strings with placeholders be printf-escaped. So it would make sense to always printf a translated string, I would think.</div><div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div bgcolor="#FFFFFF" text="#000000"><span class=""><br>
<br>
<blockquote type="cite">
<div dir="ltr">
<div class="gmail_extra">
<div class="gmail_quote">
<div>-- Sean Silva</div>
<div> </div>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><br>
~Aaron<br>
<div>
<div>_______________________________________________<br>
cfe-dev mailing list<br>
<a href="mailto:cfe-dev@lists.llvm.org" target="_blank">cfe-dev@lists.llvm.org</a><br>
<a href="http://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-dev" rel="noreferrer" target="_blank">http://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-dev</a><br>
</div>
</div>
</blockquote>
</div>
<br>
</div>
</div>
<br>
<fieldset></fieldset>
<br>
<pre>_______________________________________________
cfe-dev mailing list
<a href="mailto:cfe-dev@lists.llvm.org" target="_blank">cfe-dev@lists.llvm.org</a>
<a href="http://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-dev" target="_blank">http://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-dev</a>
</pre>
</blockquote>
<br>
</span><span class=""><pre cols="72">--
Employee of Qualcomm Innovation Center, Inc.
Qualcomm Innovation Center, Inc. is a member of Code Aurora Forum, a Linux Foundation Collaborative Project
</pre>
</span></div>
<br>_______________________________________________<br>
cfe-dev mailing list<br>
<a href="mailto:cfe-dev@lists.llvm.org">cfe-dev@lists.llvm.org</a><br>
<a href="http://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-dev" rel="noreferrer" target="_blank">http://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-dev</a><br>
<br></blockquote></div><br></div></div>