I don't understand the following warning:
$ cat a.c
#include <stdarg.h>
#include <stdio.h>
int logmessage(int loglevel, char const *fmt, ...) {
int ret = 0;
va_list ap;
if (loglevel > 1) {
va_start(ap, fmt);
ret = vprintf(fmt, ap);
va_end(ap);
}
return ret;
}
$ clang -std=c99 a.c
a.c:10:23: warning: format string is not a string literal (potentially
insecure)
ret = vprintf(fmt, ap);
~~~~~~~ ^
1 diagnostic generated.
This seems counter-intuitive to the point of the vprintf(3) API, which
is to pass the format string and arguments from its caller
(logmessage()) in this case. When would vprintf(3) ever realistically
be called with a string literal? There seems to be test cases and
explicit code for this, so I'm guessing this is intentional, but I
don't quite understand why...
Shantonu Sen
[EMAIL PROTECTED]
_______________________________________________
cfe-dev mailing list
[email protected]
http://lists.cs.uiuc.edu/mailman/listinfo/cfe-dev
