[LLVMbugs] [Bug 9314] New: -Wformat-security false positive with __func__ and __PRETTY_FUNCTION__

bugzilla-daemon at llvm.org
Thu Feb 24 07:29:42 PST 2011


http://llvm.org/bugs/show_bug.cgi?id=9314

           Summary: -Wformat-security false positive with __func__ and
                    __PRETTY_FUNCTION__
           Product: clang
           Version: unspecified
          Platform: PC
        OS/Version: Linux
            Status: NEW
          Severity: normal
          Priority: P
         Component: -New Bugs
        AssignedTo: unassignedclangbugs at nondot.org
        ReportedBy: will at willthompson.co.uk
                CC: llvmbugs at cs.uiuc.edu


Clang doesn't believe that __func__ and __PRETTY_FUNCTION__ are string
literals. Thus the following sample program:

    #include <stdio.h>

    int
    main (int argc, char **argv)
    {
      printf (__PRETTY_FUNCTION__);
      printf (__func__);
      return 0;
    }

produces the following diagnostics:

    % clang -Wformat-security -o pretty pretty.c
    pretty.c:6:11: warning: format string is not a string literal
          (potentially insecure) [-Wformat-security]
      printf (__PRETTY_FUNCTION__);
              ^~~~~~~~~~~~~~~~~~~
    pretty.c:7:11: warning: format string is not a string literal
          (potentially insecure) [-Wformat-security]
      printf (__func__);
              ^~~~~~~~
    2 diagnostics generated.

The warning is technically accurate, I suppose: they are not literals per se.
But they can't contain format string-significant characters, so this usage
feels harmless to me.

I'm using:
    % clang --version
    clang version 1.1 (Debian 2.7-3)
    Target: x86_64-pc-linux-gnu
    Thread model: posix

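An added example, not part of the original report or of clang's code: it goes beyond the C program in the report to C++, where GCC and Clang expand `__PRETTY_FUNCTION__` inside an overloaded `operator%` to a string that contains `%`, and shows the literal `"%s"` form that passes the name as data and does not trigger the `-Wformat-security` diagnostic. `Vec` and the helper functions are hypothetical names.

```cpp
// Added example; Vec and every helper here are hypothetical names.
#include <cstdio>
#include <cstring>
#include <string>

struct Vec { int x; };

static const char *captured = "";

// GCC and Clang expand __PRETTY_FUNCTION__ to the full signature, so in
// this function the string contains the text "operator%".
int operator%(const Vec &a, const Vec &b) {
    captured = __PRETTY_FUNCTION__;  // static storage, safe to keep
    return a.x % b.x;
}

// Calls the operator once and returns the name it recorded.
const char *operator_pretty_name() {
    Vec a{7}, b{4};
    (void)(a % b);
    return captured;
}

// In an ordinary function __func__ is just the identifier.
const char *plain_func() { return __func__; }

// Does the string contain a character printf would treat as a directive?
bool has_percent(const char *s) { return std::strchr(s, '%') != nullptr; }

// Literal format, name passed as data: no -Wformat-security diagnostic,
// and any '%' in the name is copied through unchanged.
std::string format_name(const char *name) {
    char buf[256];
    std::snprintf(buf, sizeof buf, "%s", name);
    return buf;
}

int main() {
    std::printf("%s\n", format_name(plain_func()).c_str());
    std::printf("%s\n", format_name(operator_pretty_name()).c_str());
    return 0;
}
```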