[Bug c/79554] Zero length format string passed to fprintf under if statement causes error message
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=79554 Martin Sebor changed: What|Removed |Added Assignee|msebor at gcc dot gnu.org |unassigned at gcc dot gnu.org Status|ASSIGNED|NEW --- Comment #4 from Martin Sebor --- I'm no longer working on this.
[Bug c/79554] Zero length format string passed to fprintf under if statement causes error message
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=79554 --- Comment #3 from Андрей Доценко --- (In reply to Jakub Jelinek from comment #1) > In the first macro fmt_ isn't defined at all (nor there is a fmt_ variable), > so I doubt it compiles at all. > And, in the second macro, the warning is 100% correct, fmt_ is a non-const > variable, -Wformat-security is a FE warning, so can't rely on any > optimizations etc. Probably const char *const fmt_ = fmt; should work, > because then it should be able to look at the var's initializer. I've simplified the code to make this report, so I've made a mistake. The code is meant to be: #define PRINT_CHANGE(fmt, args...) \ do { \ fprintf(DEBUG_STREAM, "%s(", __FUNCTION__); \ if (strcmp(fmt, "") != 0) { \ fprintf(DEBUG_STREAM, fmt, ##args); \ } \ fprintf(DEBUG_STREAM, ")\n"); \ } while (0) PRINT_CHANGE("");
[Bug c/79554] Zero length format string passed to fprintf under if statement causes error message
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=79554 Martin Sebor changed: What|Removed |Added Keywords||diagnostic Status|UNCONFIRMED |ASSIGNED Last reconfirmed||2017-02-17 CC||msebor at gcc dot gnu.org Assignee|unassigned at gcc dot gnu.org |msebor at gcc dot gnu.org Ever confirmed|0 |1 --- Comment #2 from Martin Sebor --- Unfortunately, because of the inherent limitations of the warning being implemented in the front end, using a const char* const doesn't help. See the test case below. I think this warning might be better handled in the gimple-ssa-sprintf.c pass where trusted strings can be more reliably distinguished from potentially tainted ones. Let me see if I can do this in GCC 8. $ cat t.c && gcc -O2 -S -Wall -Wformat -Wformat-security t.c void f (char *d) { const char* fmt = ""; __builtin_sprintf (d, fmt); } void g (char *d) { const char* const fmt = ""; if (*fmt) __builtin_sprintf (d, fmt); } t.c: In function ‘f’: t.c:4:5: warning: format not a string literal and no format arguments [-Wformat-security] __builtin_sprintf (d, fmt); ^ t.c: In function ‘g’: t.c:9:27: warning: zero-length gnu_printf format string [-Wformat-zero-length] const char* const fmt = ""; ^~
[Bug c/79554] Zero length format string passed to fprintf under if statement causes error message
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=79554 Jakub Jelinek changed: What|Removed |Added CC||jakub at gcc dot gnu.org --- Comment #1 from Jakub Jelinek --- In the first macro fmt_ isn't defined at all (nor there is a fmt_ variable), so I doubt it compiles at all. And, in the second macro, the warning is 100% correct, fmt_ is a non-const variable, -Wformat-security is a FE warning, so can't rely on any optimizations etc. Probably const char *const fmt_ = fmt; should work, because then it should be able to look at the var's initializer.