[LLVMdev] code analysis bug

Bruce Korb bkorb at gnu.org
Sat Sep 5 12:24:11 PDT 2009

In file included from ag.c:34:
./tpProcess.c:117:31: warning: format string is not a string literal
      (potentially insecure)
            fprintf( pfTrace, zBadR+2 );

This is another analytical bug.  "zBadR" is, in fact, a string literal.
I am writing from the second byte.  I ought to have used fputs()
instead, and will, but meanwhile, this is a bug.  Here is the usage
and the two bytes skipped happen to be "%s":

        if (*pzOopsPrefix != NUL) {
            fprintf( stdout, zBadR, pzOopsPrefix );
            pzOopsPrefix = zNil;
        } else {
            fprintf( pfTrace, zBadR+2 );

on second thought, I'll replace all that with just the first fprintf.
There's still an analysis bug.  Thank you!  Regards, Bruce

More information about the llvm-dev mailing list