Re: format string is not a string literal

public inbox for gdb@sourceware.org
 help / color / mirror / Atom feed

From: pinskia@gmail.com
To: Simon Marchi <simon.marchi@polymtl.ca>
Cc: "Paul_Koning@dell.com" <Paul_Koning@dell.com>,
	"howarth.mailing.lists@gmail.com"
	<howarth.mailing.lists@gmail.com>,
	"gdb@sourceware.org" <gdb@sourceware.org>
Subject: Re: format string is not a string literal
Date: Thu, 26 Feb 2015 00:46:00 -0000	[thread overview]
Message-ID: <7A311B56-C424-4C4F-A0E4-B12B65131745@gmail.com> (raw)
In-Reply-To: <CAFXXi0=56gNf2GoSKkrx=bRArhjk+AhSbiu0crpdR3=df7B2BQ@mail.gmail.com>





On Feb 25, 2015, at 4:05 PM, Simon Marchi <simon.marchi@polymtl.ca> wrote:

>> I didn’t say it’s a bug, Andrew did.  But I agree with him.
>> 
>> My comment (“the code is legit”) simply meant that GDB uses variable formats for obvious valid reasons (so the format can vary, being user-supplied).  Given that it’s intentional, the warning is not wanted.
>> 
>> But that point is really applicable to printf, not vprintf.  Andrew’s point is that checking formats for vprintf is not possible because you can’t know the argument list; only in printf do you see the arguments so you can match the types.  So the bug is that format checking and complaining for non-literal formats should not be enabled at all for vprintf.  That may be a header issue rather than a compiler issue, but either way, it’s not the right thing to do.
>> 
>>        paul
> 
> I think the warning is relevant. If you instruct the compiler that
> inferior_debug takes a format string and format arguments (using a
> format attribute, as mentioned by Richard in the bug report), then it
> can check if the callers are doing something wrong.
> 
> In the case of inferior_debug, the attribute should be
>    __attribute__((format (printf, 2, 3)))
> 
> By adding the attribute, you get nice warnings of this kind:
> 
> test.c: In function ‘main’:
> test.c:17:2: warning: too many arguments for format [-Wformat-extra-args]
>  inferior_debug (1, "pouet %d", 2, "hello");
> 
> If the function is vprintf-style, it's similar but the last argument
> should be 0. It will push the argument check a level higher, where
> eventually they are explicitely defined printf-style. The doc is
> somewhere here [2] in the middle.

Then clang's warning should suggest putting the format attribute on that function rather than giving out a warning that seems like it is a bogus one. 

Gcc does that iirc why not clang. 

Thanks,
Andrew


> 
> The warning also has some value because it will tell you if the string
> originally comes from a non-literal, which should be avoided [1].
> 
> [1] http://en.wikipedia.org/wiki/Uncontrolled_format_string
> [2] https://gcc.gnu.org/onlinedocs/gcc/Function-Attributes.html
> 
> Simon

next prev parent reply	other threads:[~2015-02-26  0:12 UTC|newest]

Thread overview: 22+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2015-02-24 17:16 Jack Howarth
2015-02-24 18:04 ` Andrew Pinski
2015-02-24 18:18   ` Andrew Pinski
2015-02-25  9:42   ` Andrew Pinski
2015-02-25  7:58 ` Paul_Koning
2015-02-26  0:06   ` Jack Howarth
2015-02-26  0:12     ` Paul_Koning
2015-02-26  0:41       ` Simon Marchi
2015-02-26  0:46         ` pinskia [this message]
2015-02-26  2:31           ` Jack Howarth
2015-02-26  2:35             ` pinskia
2015-02-26  2:38               ` Simon Marchi
2015-02-26  8:39                 ` Andrew Pinski
2015-02-26  8:46                   ` Andrew Pinski
2015-02-26  9:52                     ` Jack Howarth
2015-02-26 10:18                       ` Andrew Pinski
2015-02-26 16:26             ` Pedro Alves
2015-02-26 17:44               ` Jack Howarth
2015-02-26 19:55                 ` Pedro Alves
2015-02-27  2:22                   ` Paul Smith
2015-02-26 18:34               ` Paul Smith
2015-02-26 19:41                 ` Pedro Alves

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=7A311B56-C424-4C4F-A0E4-B12B65131745@gmail.com \
    --to=pinskia@gmail.com \
    --cc=Paul_Koning@dell.com \
    --cc=gdb@sourceware.org \
    --cc=howarth.mailing.lists@gmail.com \
    --cc=simon.marchi@polymtl.ca \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).