[LLVMbugs] [Bug 11608] New: -Wformat-security false positive with literal string + offset
bugzilla-daemon at llvm.org
Sun Dec 18 09:20:50 PST 2011
http://llvm.org/bugs/show_bug.cgi?id=11608
Bug #: 11608
Summary: -Wformat-security false positive with literal string + offset
Product: clang
Version: trunk
Platform: All
OS/Version: All
Status: NEW
Severity: normal
Priority: P
Component: -New Bugs
AssignedTo: unassignedclangbugs at nondot.org
ReportedBy: dimitry at andric.com
CC: llvmbugs at cs.uiuc.edu
Classification: Unclassified
In a bit of older code that I am running through clang, to clean out
warnings, I encountered the following rather tricky construction (but it is
still valid C):
#include <stdio.h>

void foo(void)
{
  int noquotes = 2;
  printf("\" hello world" + noquotes);
}
Of course in the original program, noquotes could be either 0 or 2, so
quotes before the string would either be printed or not.
However, clang always warns about it, as follows:
literal.c:6:10: warning: format string is not a string literal (potentially
insecure) [-Wformat-security]
  printf("\" hello world" + noquotes);
         ^~~~~~~~~~~~~~~~~~~~~~~~~~~
Somebody pointed out to me that a string literal plus an offset is still
a string literal, so this is a false positive.
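Added example, not part of the bug report or of clang: a warning-free rewrite of the reported call that passes the offset string as data to a fixed "%s" format, plus a check showing why the offset matters when a literal is used directly as the format (an offset can land inside an escaped "%%" and leave a live conversion). The names count_conversions, suffix_is_safe_format and format_greeting, and the sample string "100%% done", are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Count live conversion specifications in fmt; "%%" is an escaped percent. */
static int count_conversions(const char *fmt)
{
    int n = 0;
    for (const char *p = fmt; *p; p++) {
        if (*p != '%')
            continue;
        if (p[1] == '%')
            p++;            /* skip the second '%' of an escaped pair */
        else
            n++;            /* '%' followed by anything else, or trailing */
    }
    return n;
}

/* A literal used as "lit + off" is only a safe zero-argument format when
 * off stays inside the literal and the resulting suffix has no conversions. */
static int suffix_is_safe_format(const char *lit, size_t off)
{
    return off <= strlen(lit) && count_conversions(lit + off) == 0;
}

/* Warning-free rewrite of the reported call: the format is a fixed "%s"
 * and the offset string is passed as data. Returns snprintf's result,
 * or -1 if the offset is out of range. */
static int format_greeting(char *out, size_t outlen, size_t noquotes)
{
    static const char text[] = "\" hello world";
    if (noquotes > sizeof text - 1)
        return -1;
    return snprintf(out, outlen, "%s", text + noquotes);
}

int main(void)
{
    char buf[32];
    format_greeting(buf, sizeof buf, 2);
    puts(buf);
    printf("%d %d\n", suffix_is_safe_format("100%% done", 0),
                      suffix_is_safe_format("100%% done", 4));
    return 0;
}
```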