https://gcc.gnu.org/bugzilla/show_bug.cgi?id=79554
Martin Sebor <msebor at gcc dot gnu.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Keywords| |diagnostic Status|UNCONFIRMED |ASSIGNED Last reconfirmed| |2017-02-17 CC| |msebor at gcc dot gnu.org Assignee|unassigned at gcc dot gnu.org |msebor at gcc dot gnu.org Ever confirmed|0 |1 --- Comment #2 from Martin Sebor <msebor at gcc dot gnu.org> --- Unfortunately, because of the inherent limitations of the warning being implemented in the front end, using a const char* const doesn't help. See the test case below. I think this warning might be better handled in the gimple-ssa-sprintf.c pass where trusted strings can be more reliably distinguished from potentially tainted ones. Let me see if I can do this in GCC 8. $ cat t.c && gcc -O2 -S -Wall -Wformat -Wformat-security t.c void f (char *d) { const char* fmt = ""; __builtin_sprintf (d, fmt); } void g (char *d) { const char* const fmt = ""; if (*fmt) __builtin_sprintf (d, fmt); } t.c: In function āfā: t.c:4:5: warning: format not a string literal and no format arguments [-Wformat-security] __builtin_sprintf (d, fmt); ^~~~~~~~~~~~~~~~~ t.c: In function āgā: t.c:9:27: warning: zero-length gnu_printf format string [-Wformat-zero-length] const char* const fmt = ""; ^~