[cfe-dev] format security warning
David Blaikie
dblaikie at gmail.com
Thu Jun 5 15:07:59 PDT 2014
On Thu, Jun 5, 2014 at 2:55 PM, Morrell, Michael
<michael.morrell at intel.com> wrote:
> When -Wformat-security is enabled, I get a warning for:
>
> void foo(const char *x)
> {
>     printf(x);
> }
>
> which I expect since the format string isn’t a string literal, but I also get it for:
>
> static const char *fmt = "hello\n";
>
> printf(fmt);
>
> Granted the format string still isn’t a literal, but it is a known compile-time value and I don’t think I should get the warning for this case.
Except it isn't... it's a non-const pointer to const data. If you make
it "static const char *const fmt", then the warning goes away.
>
> Is this a bug or intentional?
>
> Michael
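The distinction drawn in the reply, as an added example that is not part of the original thread: a `const char *` can be retargeted at run time, which is why the compiler cannot treat it as a known format, while a `const char *const` cannot. The helper names `set_banner`, `render_banner` and `render_fixed` and the sample input are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Case from the thread: the characters are const, but the pointer itself
 * is mutable, so any code in this file may retarget it at run time. */
static const char *fmt = "hello\n";

/* Const pointer to const data: the value is fixed for the whole program. */
static const char *const fixed_fmt = "hello\n";

/* Hypothetical helper: stands in for any code path that reassigns fmt,
 * for example from configuration or network input. */
static void set_banner(const char *untrusted)
{
    fmt = untrusted;   /* legal: only the pointed-to chars are const */
    /* fixed_fmt = untrusted;   would not compile: the pointer is const */
}

/* The flagged form would be snprintf(out, n, fmt). The hardened form passes
 * the variable text as an argument to a literal format, so conversion
 * specifiers inside it are copied, never interpreted. */
static int render_banner(char *out, size_t n)
{
    return snprintf(out, n, "%s", fmt);
}

/* No warning expected here: the format is a compile-time constant. */
static int render_fixed(char *out, size_t n)
{
    return snprintf(out, n, fixed_fmt);
}

int main(void)
{
    char buf[64];

    render_banner(buf, sizeof buf);
    fputs(buf, stdout);                 /* hello */
    set_banner("%x %x %s\n");           /* constructed hostile input */
    render_banner(buf, sizeof buf);
    fputs(buf, stdout);                 /* specifiers printed verbatim */
    render_fixed(buf, sizeof buf);
    fputs(buf, stdout);                 /* hello */
    return 0;
}
```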