[LLVMdev] code analysis bug
Bruce Korb
bkorb at gnu.org
Sat Sep 5 12:24:11 PDT 2009
    In file included from ag.c:34:
    ./tpProcess.c:117:31: warning: format string is not a string literal (potentially insecure)
            fprintf( pfTrace, zBadR+2 );

This is another analytical bug. "zBadR" is, in fact, a string literal.
I am writing from the second byte. I ought to have used fputs()
instead, and will, but meanwhile, this is a bug. Here is the usage
and the two bytes skipped happen to be "%s":

    if (*pzOopsPrefix != NUL) {
        fprintf( stdout, zBadR, pzOopsPrefix );
        pzOopsPrefix = zNil;
    } else {
        fprintf( pfTrace, zBadR+2 );
    }

On second thought, I'll replace all that with just the first fprintf.
There's still an analysis bug.

Thank you! Regards, Bruce
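
The reasoning in the message above, as an added example that is not part of the original post or the poster's source: a small scanner counts the arguments a format string would consume, showing that skipping the leading "%s" leaves none, and an fputs()-based helper writes the tail without any format parsing. The text of zBadR after "%s" and the helper names count_format_args and emit_tail are assumptions.

```c
#include <stdio.h>
#include <string.h>

/* Constructed stand-in: the post only says zBadR starts with "%s". */
static const char zBadR[] = "%sBad template reference\n";

/* Number of arguments printf would consume for fmt ("%%" takes none,
 * each '*' width/precision takes one). Returns -1 on a dangling '%'. */
int count_format_args(const char *fmt)
{
    int n = 0;
    for (; *fmt; fmt++) {
        if (*fmt != '%')
            continue;
        if (*++fmt == '%')
            continue;                      /* literal percent sign */
        for (; *fmt && strchr("-+ #0123456789.*hlLjzt", *fmt); fmt++)
            if (*fmt == '*')
                n++;                       /* '*' reads an int argument */
        if (*fmt == '\0')
            return -1;                     /* '%' with no conversion */
        n++;                               /* the conversion itself */
    }
    return n;
}

/* Write tmpl starting at byte offset skip, never parsing it as a format.
 * Returns 0 on success, -1 if skip is past the end or the write fails. */
int emit_tail(FILE *out, const char *tmpl, size_t skip)
{
    if (skip > strlen(tmpl))
        return -1;
    return fputs(tmpl + skip, out) == EOF ? -1 : 0;
}

int main(void)
{
    printf("zBadR   consumes %d argument(s)\n", count_format_args(zBadR));
    printf("zBadR+2 consumes %d argument(s)\n", count_format_args(zBadR + 2));
    return emit_tail(stdout, zBadR, 2);    /* fputs() form of the else branch */
}
```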