format string is not a string literal
Simon Marchi
simon.marchi@polymtl.ca
Thu Feb 26 00:41:00 GMT 2015
> I didn’t say it’s a bug, Andrew did. But I agree with him.
>
> My comment (“the code is legit”) simply meant that GDB uses variable formats for obvious valid reasons (so the format can vary, being user-supplied). Given that it’s intentional, the warning is not wanted.
>
> But that point is really applicable to printf, not vprintf. Andrew’s point is that checking formats for vprintf is not possible because you can’t know the argument list; only in printf do you see the arguments so you can match the types. So the bug is that format checking and complaining for non-literal formats should not be enabled at all for vprintf. That may be a header issue rather than a compiler issue, but either way, it’s not the right thing to do.
>
> paul
I think the warning is relevant. If you instruct the compiler that
inferior_debug takes a format string and format arguments (using a
format attribute, as mentioned by Richard in the bug report), then it
can check if the callers are doing something wrong.
In the case of inferior_debug, the attribute should be
__attribute__((format (printf, 2, 3)))
By adding the attribute, you get nice warnings of this kind:
test.c: In function ‘main’:
test.c:17:2: warning: too many arguments for format [-Wformat-extra-args]
inferior_debug (1, "pouet %d", 2, "hello");
If the function is vprintf-style, it's similar but the last argument
should be 0. It will push the argument check a level higher, where
eventually they are explicitely defined printf-style. The doc is
somewhere here [2] in the middle.
The warning also has some value because it will tell you if the string
originally comes from a non-literal, which should be avoided [1].
[1] http://en.wikipedia.org/wiki/Uncontrolled_format_string
[2] https://gcc.gnu.org/onlinedocs/gcc/Function-Attributes.html
Simon
More information about the Gdb
mailing list