[cfe-dev] vprintf(3) and "format string is not a string literal"
Ted Kremenek
kremenek at apple.com
Mon Dec 17 09:46:56 PST 2007
On Dec 17, 2007, at 5:48 AM, Shantonu Sen wrote:
>> Ultimately, we should probably make warnings like these an option.
>> People can then decide their own policy on when such warnings are
>> emitted.
>
> How about this:
> $ clang -std=c99 a.c
> a.c:10:23: warning: format string is not a string literal
> (potentially insecure)
> ret = vprintf(fmt, ap);
> ~~~~~~~ ^
> 1 diagnostic generated.
> $ clang -std=c99 a.c -Wno-format-nonliteral
> $
>
> <clang.cpp.diff>
This looks great to me. I'll go and apply the patch.
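The following is an added example, not part of the original message or of the attached patch. The `a.c` from the quoted session is not shown on the page, so `log_msg` and `log_untrusted` are hypothetical names. The sketch shows the wrapper shape the diagnostic points at and uses the GCC/Clang `format` attribute so the format string is checked at each call site of the wrapper, instead of turning the warning off globally.

```c
#include <stdarg.h>
#include <stdio.h>

/*
 * Hypothetical printf-style wrapper (constructed for illustration).
 * Inside it, fmt is a parameter rather than a string literal, which is
 * the situation "format string is not a string literal" describes.
 * The format attribute (a GCC/Clang extension) declares that argument 1
 * is a printf format and that the variadic arguments start at position 2,
 * so the compiler can type-check every call to log_msg().
 */
__attribute__((format(printf, 1, 2)))
static int log_msg(const char *fmt, ...)
{
    va_list ap;
    int ret;

    va_start(ap, fmt);
    ret = vprintf(fmt, ap);  /* the vprintf(fmt, ap) shape from the quoted session */
    va_end(ap);
    return ret;
}

/*
 * Text from outside the program is passed as data to a literal "%s",
 * never as the format itself, so a '%' inside it is printed verbatim
 * instead of being interpreted as a conversion.
 */
static int log_untrusted(const char *text)
{
    return log_msg("%s\n", text);
}

int main(void)
{
    const char *sample = "load 100%";  /* constructed sample input */

    log_msg("%d-%s\n", 7, "ok");
    log_untrusted(sample);
    return 0;
}
```
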