On 11/20/2013 11:13 AM, Jerry James wrote:
And the very first package I maintain that appears on that list, abe,
is an interesting one.  The game has an internal function,
path_sprintf(), which is static in Game.c.  All callers of that
function are visible in the same file, and all pass constant strings
into the function, which passes those constant strings to sprintf().
The function's purpose is to produce a pathname for a file of interest
to the caller in the game's installed location.  It's too bad that
gcc's analysis cannot span function calls inside a compilation unit.
There really is nothing wrong with this code.

If you change its prototype to:

static void path_sprintf (char *path, const char *format, ...) __attribute__((__format__(__printf__, 2, 3)));

(and update it to use varargs and vsprintf() instead of sprintf())

then the warnings will go away, because gcc will now know that it's a function that behaves like printf(), with argument 2 being the format string and argument 3 being the "...", and so then it can do the -Wformat-security checking at each of the path_sprintf() callpoints. (And you also get warnings when the arguments don't match the format string, like you would if you were calling sprintf() directly.) (And now you can use formats other than a single "%d" in the future if you want...)

-- Dan

--
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
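Dan's suggestion worked through as an added example, not code from the thread or from the abe package: a varargs path builder carrying the format attribute, using vsnprintf() with an explicit buffer size rather than vsprintf(), so the attribute indices here are 3 and 4 instead of 2 and 3. DATA_PREFIX, path_snprintf() and level_path() are assumed names; abe's real install path and caller names are not shown in the thread.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Assumed install location; abe's real path macro is not shown in the thread. */
#ifndef DATA_PREFIX
#define DATA_PREFIX "/usr/share/abe"
#endif

/*
 * Build "DATA_PREFIX/<formatted component>" into path[0..size-1].
 *
 * The format attribute says argument 3 is a printf-style format and the
 * variadic arguments start at argument 4, so gcc applies -Wformat and
 * -Wformat-security at every call site, just as for a direct snprintf().
 * Unlike the sprintf()/vsprintf() form in the thread, this variant takes
 * the buffer size and refuses to return a truncated name.
 *
 * Returns 0 on success, -1 if the result did not fit or on error; on
 * failure path is set to "" so a half-built name cannot be used.
 */
static int path_snprintf(char *path, size_t size, const char *format, ...)
    __attribute__((__format__(__printf__, 3, 4)));

static int path_snprintf(char *path, size_t size, const char *format, ...)
{
    va_list ap;
    int n, m;

    if (path == NULL || size == 0)
        return -1;

    /* Fixed prefix first; snprintf reports the length it wanted to write. */
    n = snprintf(path, size, "%s/", DATA_PREFIX);
    if (n < 0 || (size_t)n >= size) {
        path[0] = '\0';
        return -1;
    }

    /* Caller's component, formatted into whatever room is left. */
    va_start(ap, format);
    m = vsnprintf(path + n, size - (size_t)n, format, ap);
    va_end(ap);
    if (m < 0 || (size_t)m >= size - (size_t)n) {
        path[0] = '\0';
        return -1;
    }
    return 0;
}

/* A typical caller: constant format, so gcc checks %d against 'level'. */
static int level_path(char *path, size_t size, int level)
{
    return path_snprintf(path, size, "levels/level%d.dat", level);
}

/*
 * What the attribute now catches at call sites (shown as comments, not
 * compiled here):
 *   path_snprintf(p, sz, name);       -Wformat-security: format not a
 *                                     string literal and no arguments
 *   path_snprintf(p, sz, "%s", 42);   -Wformat: int where %s expects char *
 */

int main(void)
{
    char buf[64];
    char tiny[16];

    if (level_path(buf, sizeof buf, 3) == 0)
        puts(buf);                     /* /usr/share/abe/levels/level3.dat */

    /* Deliberately too small: the call fails instead of overflowing. */
    if (level_path(tiny, sizeof tiny, 3) != 0)
        puts("level path does not fit in 16 bytes");
    return 0;
}
```

Build with `gcc -Wall -Wformat=2 -Werror=format-security`; -Wformat=2 turns on -Wformat-security and -Wformat-nonliteral for every function carrying the attribute, so the same checks that flag a bare sprintf() call now reach path_snprintf()'s callers.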
