[LLVMbugs] [Bug 11091] New: incorrect warning for printf and printing std::runtime_error::what()

bugzilla-daemon at llvm.org bugzilla-daemon at llvm.org
Sun Oct 9 05:52:49 PDT 2011


http://llvm.org/bugs/show_bug.cgi?id=11091

           Summary: incorrect warning for printf and printing
                    std::runtime_error::what()
           Product: clang
           Version: trunk
          Platform: PC
        OS/Version: Windows NT
            Status: NEW
          Severity: normal
          Priority: P
         Component: Frontend
        AssignedTo: unassignedclangbugs at nondot.org
        ReportedBy: vanboxem.ruben at gmail.com
                CC: llvmbugs at cs.uiuc.edu


This test program:

#include <stdexcept>
#include <cstdio>
using namespace std;

int main()
{
    runtime_error e( "bla" );
    printf( e.what() );
}

Produces this warning:
main.cpp:8:13: warning: format string is not a string literal (potentially
insecure) [-Wformat-security]
    printf( err.what() );
            ^~~~~~~~~~
1 warning generated.

This seems very misleading and warns on correct code like the above, ie when
the format string doesn't contain any format specifiers at all, and is just a
plain const char*.

-- 
Configure bugmail: http://llvm.org/bugs/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.



More information about the llvm-bugs mailing list