❦ 29 mai 2014 01:04 +0200, Willy Tarreau <[email protected]> :
>> "const char * hello" means hello is a pointer to a const char. You may want
>> to say "const char * const hello". But gcc doesn't seem to handle it
>> either (but clang does).
>
> Yes it does but it doesn't change its verdict. The test is really bogus I
> think :
>
> const char fmt[] = "blah"; printf(fmt); => OK
> const char *fmt = "blah"; printf(fmt); => KO
> const char * const fmt = "blah"; printf(fmt); => KO
> const char fmt[][5] = { "blah" }; printf(fmt[0]); => KO
>
> This is the difference between the first one and the last one which makes
> me say the test is bogus, because it's exactly the same.
>
> And worst thing is that I guess they added this check for people who
> mistakenly use printf(string). And as usual, they don't provide an easy
> way to say "don't worry it's not an error, it's on purpose"... This
> compiler is becoming more and more irritating, soon we'll have more
> lines of workarounds than useful lines of code.
Well, this is something which exists since a long time. At least 5 years.
> Worse in fact, the workaround is simple, it consists in removing the
> __attribute__((printf)) on the declaration line of chunk_appendf(),
> and thus *really* opening the door to real scary bugs.
>
> OK so I'll add a dummy argument to shut it up :-(
Or you could declare unsafe_chunk_appendf without the attribute and make
chunk_appendf call this one and hope the compiler will optimize the
indirection. But that's quite complex when you only need to add a dummy
argument.
--
Each module should do one thing well.
- The Elements of Programming Style (Kernighan & Plauger)
