This is the mail archive of the gdb@sourceware.org mailing list for the GDB project.



Re: format string is not a string literal





On Feb 25, 2015, at 4:05 PM, Simon Marchi <simon.marchi@polymtl.ca> wrote:

>> I didn't say it's a bug, Andrew did.  But I agree with him.
>> 
>> My comment ("the code is legit") simply meant that GDB uses variable formats for obvious valid reasons (so the format can vary, being user-supplied).  Given that it's intentional, the warning is not wanted.
>> 
>> But that point is really applicable to printf, not vprintf.  Andrew's point is that checking formats for vprintf is not possible because you can't know the argument list; only in printf do you see the arguments so you can match the types.  So the bug is that format checking and complaining for non-literal formats should not be enabled at all for vprintf.  That may be a header issue rather than a compiler issue, but either way, it's not the right thing to do.
>> 
>>        paul
> 
> I think the warning is relevant. If you instruct the compiler that
> inferior_debug takes a format string and format arguments (using a
> format attribute, as mentioned by Richard in the bug report), then it
> can check if the callers are doing something wrong.
> 
> In the case of inferior_debug, the attribute should be
>    __attribute__((format (printf, 2, 3)))
> 
> By adding the attribute, you get nice warnings of this kind:
> 
> test.c: In function ‘main’:
> test.c:17:2: warning: too many arguments for format [-Wformat-extra-args]
>  inferior_debug (1, "pouet %d", 2, "hello");
> 
> If the function is vprintf-style, it's similar but the last argument
> should be 0. It will push the argument check a level higher, where
> eventually they are explicitly defined printf-style. The doc is
> somewhere here [2] in the middle.

Then clang's warning should suggest putting the format attribute on that function rather than giving out a warning that seems like it is a bogus one. 

GCC does that, iirc; why not clang?

Thanks,
Andrew


> 
> The warning also has some value because it will tell you if the string
> originally comes from a non-literal, which should be avoided [1].
> 
> [1] http://en.wikipedia.org/wiki/Uncontrolled_format_string
> [2] https://gcc.gnu.org/onlinedocs/gcc/Function-Attributes.html
> 
> Simon
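
The two attribute forms discussed in this thread, as an added example (not code from GDB or from any poster). The signature of `inferior_debug` is assumed from the call quoted above; `inferior_vdebug`, `debug_user_text`, `debug_buf` and `debug_level` are hypothetical names, and the sample strings are constructed.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

static char debug_buf[256];  /* last formatted message (hypothetical sink) */
static int debug_level = 1;  /* hypothetical verbosity threshold */

/* vprintf-style: the arguments are not visible here, so the last attribute
   operand is 0. Argument checking moves up to the printf-style callers. */
__attribute__((format(printf, 2, 0)))
static int inferior_vdebug(int level, const char *fmt, va_list ap)
{
    debug_buf[0] = '\0';
    if (level > debug_level)
        return 0;                       /* message suppressed */
    int n = vsnprintf(debug_buf, sizeof debug_buf, fmt, ap);
    if (n < 0) {
        debug_buf[0] = '\0';            /* encoding error: emit nothing */
        return 0;
    }
    /* Report the number of characters actually stored (truncation-safe). */
    return n >= (int)sizeof debug_buf ? (int)sizeof debug_buf - 1 : n;
}

/* printf-style: format is argument 2, variadic arguments start at 3, so
   the compiler can match each conversion against the caller's arguments. */
__attribute__((format(printf, 2, 3)))
static int inferior_debug(int level, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int n = inferior_vdebug(level, fmt, ap);
    va_end(ap);
    return n;
}

/* Text that originates outside the program is passed as data under a
   literal "%s", never as the format itself. */
static int debug_user_text(const char *text)
{
    return inferior_debug(1, "%s", text);
}

int main(void)
{
    inferior_debug(1, "pouet %d", 2);
    puts(debug_buf);
    debug_user_text("100%n done");      /* constructed input, printed as-is */
    puts(debug_buf);
    return 0;
}
```

With the attributes in place, a call such as `inferior_debug (1, "pouet %d", 2, "hello")` produces the `-Wformat-extra-args` warning quoted above.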

