[LLVMbugs] [Bug 9314] New: -Wformat-security false positive with __func__ and __PRETTY_FUNCTION__
bugzilla-daemon at llvm.org
Thu Feb 24 07:29:42 PST 2011
http://llvm.org/bugs/show_bug.cgi?id=9314
Summary: -Wformat-security false positive with __func__ and __PRETTY_FUNCTION__
Product: clang
Version: unspecified
Platform: PC
OS/Version: Linux
Status: NEW
Severity: normal
Priority: P
Component: -New Bugs
AssignedTo: unassignedclangbugs at nondot.org
ReportedBy: will at willthompson.co.uk
CC: llvmbugs at cs.uiuc.edu
Clang doesn't believe that __func__ and __PRETTY_FUNCTION__ are string
literals. Thus the following sample program:
#include <stdio.h>

int
main (int argc, char **argv)
{
  printf (__PRETTY_FUNCTION__);
  printf (__func__);
  return 0;
}
produces the following diagnostics:
% clang -Wformat-security -o pretty pretty.c
pretty.c:6:11: warning: format string is not a string literal (potentially insecure) [-Wformat-security]
  printf (__PRETTY_FUNCTION__);
          ^~~~~~~~~~~~~~~~~~~
pretty.c:7:11: warning: format string is not a string literal (potentially insecure) [-Wformat-security]
  printf (__func__);
          ^~~~~~~~
2 diagnostics generated.
The warning is technically accurate, I suppose: they are not literals per se.
But they can't contain format string-significant characters, so this usage
feels harmless to me.
I'm using:
% clang --version
clang version 1.1 (Debian 2.7-3)
Target: x86_64-pc-linux-gnu
Thread model: posix
--
Configure bugmail: http://llvm.org/bugs/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
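
The warning-clean way to print these names, shown as an added example that is not part of the original report: pass the name as an argument to a literal "%s" format, or use fputs. The helpers name_is_format_inert, format_name and sample_function are hypothetical names introduced here, and the input "100%s" is constructed.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: 1 if `name` is made only of C identifier characters,
   so printf could not find a '%' conversion in it; 0 otherwise. */
int name_is_format_inert(const char *name)
{
    if (*name == '\0')
        return 0;
    for (const char *p = name; *p != '\0'; p++)
        if (!isalnum((unsigned char)*p) && *p != '_')
            return 0;
    return 1;
}

/* Hypothetical helper: copies `name` into `out` as data. The format string
   is the literal "%s", so -Wformat-security has nothing to flag and a '%'
   inside `name` is never interpreted. Returns snprintf's result. */
int format_name(char *out, size_t cap, const char *name)
{
    return snprintf(out, cap, "%s", name);
}

/* Returns the value __func__ has inside this function (static storage). */
const char *sample_function(void)
{
    return __func__;
}

int main(void)
{
    char buf[64];

    /* Warning-clean equivalents of printf(__func__): */
    printf("%s\n", __func__);
    fputs(__func__, stdout);
    fputc('\n', stdout);

    /* Constructed input: a name containing a conversion stays verbatim. */
    format_name(buf, sizeof buf, "100%s");
    puts(buf);

    return name_is_format_inert(sample_function()) ? 0 : 1;
}
```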