[PATCH]: eb495be6e8 helper/log: mark 'fmt' argument of alloc_*printf() as not NULL

[gerrit]

This is an automated email from Gerrit.

"Antonio Borneo <borneo.anto...@gmail.com>" just uploaded a new patch set to 
Gerrit, which you can find at https://review.openocd.org/c/openocd/+/9166

-- gerrit

commit eb495be6e8ab72dacd477d2853d87fa326681ffa
Author: Antonio Borneo <borneo.anto...@gmail.com>
Date:   Sun Oct 12 11:30:00 2025 +0200

    helper/log: mark 'fmt' argument of alloc_*printf() as not NULL
    
    Even after commit e12ceddd5ee4 ("helper/log: mark `fmt` argument
    of `alloc_vprintf()` as format string"), the GCC compiler still
    reports that alloc_vprintf() could call vsnprintf() with a NULL
    format parameter.
    
    Inform the compiler that alloc_vprintf() cannot accept NULL as
    format string.
    Add an assert() in alloc_vprintf() so even compilers that do not
    use the function attribute 'nonnull' will play safe.
    While there, extend the same fixes to alloc_printf() too.
    
    Change-Id: Idfa4fe9c6dfb2acfbf434c392237937ae03f0e8a
    Signed-off-by: Antonio Borneo <borneo.anto...@gmail.com>
    Reported-by: Parshintsev Anatoly <anatoly.parshint...@syntacore.com>

diff --git a/src/helper/log.c b/src/helper/log.c
index d8c4e09ac7..53463b526c 100644
--- a/src/helper/log.c
+++ b/src/helper/log.c
@@ -354,6 +354,8 @@ char *alloc_vprintf(const char *fmt, va_list ap)
        int len;
        char *string;
 
+       assert(fmt);
+
        /* determine the length of the buffer needed */
        va_copy(ap_copy, ap);
        len = vsnprintf(NULL, 0, fmt, ap_copy);
diff --git a/src/helper/log.h b/src/helper/log.h
index ac24f8e833..06770553c4 100644
--- a/src/helper/log.h
+++ b/src/helper/log.h
@@ -15,6 +15,7 @@
 #define OPENOCD_HELPER_LOG_H
 
 #include <helper/command.h>
+#include <helper/compiler.h>
 
 /* To achieve C99 printf compatibility in MinGW, gnu_printf should be
  * used for __attribute__((format( ... ))), with GCC v4.4 or later
@@ -86,9 +87,9 @@ int log_add_callback(log_callback_fn fn, void *priv);
 int log_remove_callback(log_callback_fn fn, void *priv);
 
 char *alloc_vprintf(const char *fmt, va_list ap)
-       __attribute__ ((format (PRINTF_ATTRIBUTE_FORMAT, 1, 0)));
+       __attribute__ ((format (PRINTF_ATTRIBUTE_FORMAT, 1, 0))) __nonnull((1));
 char *alloc_printf(const char *fmt, ...)
-       __attribute__ ((format (PRINTF_ATTRIBUTE_FORMAT, 1, 2)));
+       __attribute__ ((format (PRINTF_ATTRIBUTE_FORMAT, 1, 2))) __nonnull((1));
 
 const char *find_nonprint_char(const char *buf, unsigned int buf_len);
 

--