[cfe-dev] RFC: default to -Werror=format-security
Joerg Sonnenberger via cfe-dev
cfe-dev at lists.llvm.org
Tue Feb 23 16:11:36 PST 2016
On Wed, Feb 24, 2016 at 12:57:37AM +0300, Andrey Bokhanko via cfe-dev wrote:
> Another interesting case is from gnumeric
> (https://github.com/paulfitz/gnumeric/blob/master/src/tools/analysis-frequency.c,
> lines 144-155):
>
>         switch (info->base.group_by) {
>         case GROUPED_BY_ROW:
>                 format = _("Row %d");
>                 break;
>         case GROUPED_BY_COL:
>                 format = _("Column %d");
>                 break;
>         default:
>                 format = _("Area %d");
>                 break;
>         }
>         dao_set_cell_printf (dao, col, 1, format, col);
>
>
> ("dao_set_cell_printf" is just a wrapper around printf)
>
> But we can't compile this code already! -- as gnumeric build adds
> "-Werror=format=2" that turns "format string is not a string literal"
> warning into an error:
>
> analysis-frequency.c:155:38: error: format string is not a string literal
> [-Werror,-Wformat-nonliteral]
> dao_set_cell_printf (dao, col, 1, format, col);
> ^~~~~~
This is a completely different issue than what was discussed earlier.
First of all, it is using non-standard flags. Second, it can be easily
rewritten into a form that is safe and doesn't trigger the warning by
pushing the dao_set_cell_printf into the switch. Note that gettext
itself is annotated for format string compatibility, so it doesn't count
as non-literal by itself.
Joerg
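
The rewrite described in the reply above, as an added example that is not part of the original message or of gnumeric's source: the printf-style call is pushed into each switch arm so every call site passes a literal format through an annotated translation function. The names `tr`, `cell_printf`, `label_cell` and `enum group_by` are hypothetical stand-ins, and `tr` is an identity function in place of gettext.

```c
#include <stdarg.h>
#include <stdio.h>

/* Hypothetical stand-ins, not gnumeric's or gettext's real declarations. */
enum group_by { GROUPED_BY_ROW, GROUPED_BY_COL, GROUPED_BY_AREA };

/* format_arg(1) tells the compiler the result is a translation of argument 1,
 * so a literal passed through _() is still checked as a literal format. */
static const char *tr(const char *msgid) __attribute__((format_arg(1)));
static const char *tr(const char *msgid) { return msgid; } /* identity "translation" */
#define _(s) tr(s)

/* printf-style wrapper; the attribute enables -Wformat checks at call sites. */
static int cell_printf(char *cell, size_t n, const char *fmt, ...)
    __attribute__((format(printf, 3, 4)));
static int cell_printf(char *cell, size_t n, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int r = vsnprintf(cell, n, fmt, ap);
    va_end(ap);
    return r;
}

/* Each call site has its own literal format, so the argument list is checked
 * against the exact string used and no format travels through a variable. */
static int label_cell(char *cell, size_t n, enum group_by g, int col)
{
    switch (g) {
    case GROUPED_BY_ROW:
        return cell_printf(cell, n, _("Row %d"), col);
    case GROUPED_BY_COL:
        return cell_printf(cell, n, _("Column %d"), col);
    default:
        return cell_printf(cell, n, _("Area %d"), col);
    }
}

int main(void)
{
    char cell[32];
    label_cell(cell, sizeof cell, GROUPED_BY_COL, 7);
    puts(cell);
    return 0;
}
```

Compiling this with `-Wformat=2 -Werror` exercises the same diagnostics quoted in the thread.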