Re: -Wformat-security warnings generated in gcc build

public inbox for gcc@gcc.gnu.org
 help / color / mirror / Atom feed

From: Florian Weimer <fweimer@redhat.com>
To: "Joseph S. Myers" <joseph@codesourcery.com>,
	       Prathamesh Kulkarni <bilbotheelffriend@gmail.com>
Cc: gcc <gcc@gcc.gnu.org>
Subject: Re: -Wformat-security warnings generated in gcc build
Date: Tue, 21 Jan 2014 20:19:00 -0000	[thread overview]
Message-ID: <52DEB532.9020308@redhat.com> (raw)
In-Reply-To: <Pine.LNX.4.64.1401211749001.20755@digraph.polyomino.org.uk>

On 01/21/2014 06:50 PM, Joseph S. Myers wrote:
> On Tue, 21 Jan 2014, Prathamesh Kulkarni wrote:
>
>> Souce of these warnings are typically calls to error() and friends.
>> In  C and C++ front ends there are many calls of error (errmsg).
>> errmsg is in many cases, assigned the return value of targetm hooks
>> (tagetm.invalid_return_type(), etc.)  Is it correct to replace error
>> (errmsg) by
>> error ("%s", errmsg) in these cases ?
>
> No.  Typically the message returned by the hook may contain no-arguments
> format specifiers such as %< and %>.  Instead, to avoid such warnings you
> need to add a new function error_at_no_args (location, message) that
> accepts and processes only formats taking no arguments (and probably
> aborts if given a format that needs arguments).

And printf format strings also can contain %% an %m (the latter is a GNU 
extension).  That's why we cannot perform the arg -> "%s", arg 
transformation unconditionally in the compiler, rendering 
-Wformat-security pointless.  Which is a bit disappointing.

-- 
Florian Weimer / Red Hat Product Security Team

next prev parent reply	other threads:[~2014-01-21 17:58 UTC|newest]

Thread overview: 14+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2014-01-21 16:03 Prathamesh Kulkarni
2014-01-21 17:50 ` Jakub Jelinek
2014-01-21 17:58 ` Joseph S. Myers
2014-01-21 20:19   ` Florian Weimer [this message]
2014-01-22 15:48   ` Prathamesh Kulkarni
2014-01-22 18:05     ` Joseph S. Myers
2014-01-23 11:43       ` Dodji Seketeli
2014-01-23 13:16         ` Trevor Saunders
2014-01-23 14:54         ` Prathamesh Kulkarni
2014-01-23 15:39           ` Dodji Seketeli
2014-01-23 15:55             ` Prathamesh Kulkarni
2014-01-24 16:19               ` Prathamesh Kulkarni
2014-01-26 16:12                 ` Prathamesh Kulkarni
2014-02-01 18:00                   ` Prathamesh Kulkarni

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=52DEB532.9020308@redhat.com \
    --to=fweimer@redhat.com \
    --cc=bilbotheelffriend@gmail.com \
    --cc=gcc@gcc.gnu.org \
    --cc=joseph@codesourcery.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).