format string is not a string literal

Jack Howarth howarth.mailing.lists@gmail.com
Thu Feb 26 02:31:00 GMT 2015


Andrew,
     See the additional comments from the llvm.org clang developers at...

http://llvm.org/bugs/show_bug.cgi?id=22701#c5

         Jack

On Wed, Feb 25, 2015 at 7:12 PM,  <pinskia@gmail.com> wrote:
>
> On Feb 25, 2015, at 4:05 PM, Simon Marchi <simon.marchi@polymtl.ca> wrote:
>
>>> I didn’t say it’s a bug, Andrew did.  But I agree with him.
>>>
>>> My comment (“the code is legit”) simply meant that GDB uses variable formats for obvious valid reasons (so the format can vary, being user-supplied).  Given that it’s intentional, the warning is not wanted.
>>>
>>> But that point is really applicable to printf, not vprintf.  Andrew’s point is that checking formats for vprintf is not possible because you can’t know the argument list; only in printf do you see the arguments so you can match the types.  So the bug is that format checking and complaining for non-literal formats should not be enabled at all for vprintf.  That may be a header issue rather than a compiler issue, but either way, it’s not the right thing to do.
>>>
>>>        paul
>>
>> I think the warning is relevant. If you instruct the compiler that
>> inferior_debug takes a format string and format arguments (using a
>> format attribute, as mentioned by Richard in the bug report), then it
>> can check if the callers are doing something wrong.
>>
>> In the case of inferior_debug, the attribute should be
>>    __attribute__((format (printf, 2, 3)))
>>
>> By adding the attribute, you get nice warnings of this kind:
>>
>> test.c: In function ‘main’:
>> test.c:17:2: warning: too many arguments for format [-Wformat-extra-args]
>>  inferior_debug (1, "pouet %d", 2, "hello");
>>
>> If the function is vprintf-style, it's similar but the last argument
>> should be 0. It will push the argument check a level higher, where
>> eventually they are explicitly defined printf-style. The doc is
>> somewhere here [2] in the middle.
>
> Then clang's warning should suggest putting the format attribute on that function rather than giving out a warning that seems like it is a bogus one.
>
> GCC does that, IIRC; why not clang?
>
> Thanks,
> Andrew
>
>
>>
>> The warning also has some value because it will tell you if the string
>> originally comes from a non-literal, which should be avoided [1].
>>
>> [1] http://en.wikipedia.org/wiki/Uncontrolled_format_string
>> [2] https://gcc.gnu.org/onlinedocs/gcc/Function-Attributes.html
>>
>> Simon
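
Added example (not part of the original thread, and not GDB's code): the two attribute forms Simon describes, applied to a constructed stand-in for inferior_debug. The function bodies, the debug_buf buffer and the inferior_vdebug and log_user_text helpers are assumptions made for illustration.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in: output goes to a buffer so the result can be checked. */
static char debug_buf[256];

/* vprintf-style layer: the format is parameter 2; the trailing 0 means there
   are no variadic arguments at this level for the compiler to match. */
static int inferior_vdebug(int level, const char *fmt, va_list ap)
    __attribute__((format(printf, 2, 0)));

/* printf-style layer: the format is parameter 2, checked arguments start at 3. */
static int inferior_debug(int level, const char *fmt, ...)
    __attribute__((format(printf, 2, 3)));

static int inferior_vdebug(int level, const char *fmt, va_list ap)
{
    int n = snprintf(debug_buf, sizeof debug_buf, "[%d] ", level);
    /* fmt is non-literal here; the attribute moves the check to the callers. */
    return n + vsnprintf(debug_buf + n, sizeof debug_buf - (size_t)n, fmt, ap);
}

static int inferior_debug(int level, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int n = inferior_vdebug(level, fmt, ap);
    va_end(ap);
    return n;
}

/* User-supplied text is passed as an argument to a literal "%s",
   never as the format string itself. */
static const char *log_user_text(const char *text)
{
    inferior_debug(1, "%s", text);
    return debug_buf;
}

int main(void)
{
    inferior_debug(1, "pouet %d", 2);
    puts(debug_buf);
    puts(log_user_text("50%s off"));
    /* inferior_debug(1, "pouet %d", 2, "hello");  would be flagged by
       -Wformat-extra-args, as in the warning quoted in the thread. */
    return 0;
}
```

Compile with -Wall -Wformat-nonliteral to see which call sites the compiler can and cannot check.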
