[cfe-dev] RFC: default to -Werror=format-security

Craig, Ben via cfe-dev cfe-dev at lists.llvm.org
Tue Feb 16 11:15:28 PST 2016


I'm great with this being an error.  "printf(fmt, x, y, z);" is 
suspicious, and can remain a warning, but "printf(fmt);" should just 
default to being an error.  Just be sure there is a way to turn it back 
into a warning, or squelch it entirely.

You should strongly consider adding a fix-it for this situation. That 
should make it slightly more palatable to turn the warning into an error.

On 2/16/2016 1:01 PM, David Blaikie via cfe-dev wrote:
> What other warnings do we default to error? Do we seem to have any 
> (de facto or explicit) guideline for deciding?
>
> On Mon, Feb 15, 2016 at 6:04 PM, Bob Wilson via cfe-dev 
> <cfe-dev at lists.llvm.org <mailto:cfe-dev at lists.llvm.org>> wrote:
>
>     We’ve had a number of requests to make the format-security warning
>     default to an error. This warning complains about a printf-like
>     format string that is not a literal string and is used without any
>     arguments, e.g.:
>
>     format-security.c:4:10: warning: format string is not a string
>     literal (potentially insecure) [-Wformat-security]
>       printf(fmt);
>              ^~~
>     1 warning generated.
>
>     For background, if the format string can be controlled by external
>     input, the security risk is that it could contain “%” characters
>     and be used to clobber memory. The alternative is to use a fixed
>     “%s” format, e.g., printf(“%s”, fmt).
>
>     This catches real-world security holes, but sometimes people don’t
>     pay attention to warnings. Promoting this warning to an error by
>     default would get people’s attention and help motivate them to fix
>     their code. But, the obvious downside is that it could be
>     disruptive. Existing code might fail to build and would either
>     require source code fixes or build changes to specify
>     -Wno-error=format-security.
>
>     Opinions?
>     _______________________________________________
>     cfe-dev mailing list
>     cfe-dev at lists.llvm.org <mailto:cfe-dev at lists.llvm.org>
>     http://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-dev

-- 
Employee of Qualcomm Innovation Center, Inc.
Qualcomm Innovation Center, Inc. is a member of Code Aurora Forum, a Linux Foundation Collaborative Project
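The two forms Bob contrasts above, as an added C example (not code from the thread or from Clang): the non-literal printf(fmt) that the warning flags beside the printf("%s", fmt) fix, plus a format-taking wrapper annotated so the same check reaches its callers; the function names are my own, and the pragma is the local opt-out Ben asks for.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* "Before": the pattern the thread wants promoted to an error. msg is
 * used as the format, so any '%' it contains is interpreted by printf.
 * Shown for comparison only; nothing below calls it. The pragma is the
 * per-site opt-out, here only so the file still builds under -Werror. */
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wformat-security"
void log_message_unsafe(const char *msg)
{
    printf(msg);                      /* -Wformat-security fires here */
}
#pragma GCC diagnostic pop

/* "After": the fix Bob suggests. msg is now an argument to a literal
 * "%s" format, so a '%' inside it is ordinary text. Writes into out and
 * returns the length snprintf reports. */
int log_message_safe(char *out, size_t cap, const char *msg)
{
    return snprintf(out, cap, "%s", msg);
}

/* A wrapper that legitimately takes a format must be annotated, or a
 * non-literal format passed through it escapes the check entirely. The
 * GCC/Clang format attribute gives callers of log_fmt the same -Wformat
 * and -Wformat-security diagnostics as a direct printf call. */
__attribute__((format(printf, 3, 4)))
int log_fmt(char *out, size_t cap, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(out, cap, fmt, ap);
    va_end(ap);
    return n;
}

int main(void)
{
    char buf[64];
    /* Constructed input: a message that happens to contain '%' sequences. */
    const char *msg = "progress: 50% done, see %s for details";
    log_message_safe(buf, sizeof buf, msg);
    puts(buf);                        /* printed verbatim, '%' and all */
    log_fmt(buf, sizeof buf, "%s [%d]", "ok", 1);
    puts(buf);
    return 0;
}
```

Compile with -Wformat-security (or -Werror=format-security) and replace the literal in log_fmt's call with a variable to see the attribute propagate the diagnostic to the wrapper's caller.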
