[Bug c/79554] Zero length format string passed to fprintf under if statement causes error message
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=79554 Martin Sebor changed: What|Removed |Added Assignee|msebor at gcc dot gnu.org |unassigned at gcc dot gnu.org Status|ASSIGNED|NEW --- Comment #4 from Martin Sebor --- I'm no longer working on this.
[Bug c/79554] Zero length format string passed to fprintf under if statement causes error message
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=79554
--- Comment #3 from Андрей Доценко ---
(In reply to Jakub Jelinek from comment #1)
> In the first macro fmt_ isn't defined at all (nor there is a fmt_ variable),
> so I doubt it compiles at all.
> And, in the second macro, the warning is 100% correct, fmt_ is a non-const
> variable, -Wformat-security is a FE warning, so can't rely on any
> optimizations etc. Probably const char *const fmt_ = fmt; should work,
> because then it should be able to look at the var's initializer.
I've simplified the code to make this report, so I've made a mistake. The code
is meant to be:
#define PRINT_CHANGE(fmt, args...) \
do { \
fprintf(DEBUG_STREAM, "%s(", __FUNCTION__); \
if (strcmp(fmt, "") != 0) { \
fprintf(DEBUG_STREAM, fmt, ##args); \
} \
fprintf(DEBUG_STREAM, ")\n"); \
} while (0)
PRINT_CHANGE("");
[Bug c/79554] Zero length format string passed to fprintf under if statement causes error message
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=79554
Martin Sebor changed:
What|Removed |Added
Keywords||diagnostic
Status|UNCONFIRMED |ASSIGNED
Last reconfirmed||2017-02-17
CC||msebor at gcc dot gnu.org
Assignee|unassigned at gcc dot gnu.org |msebor at gcc dot
gnu.org
Ever confirmed|0 |1
--- Comment #2 from Martin Sebor ---
Unfortunately, because of the inherent limitations of the warning being
implemented in the front end, using a const char* const doesn't help. See the
test case below. I think this warning might be better handled in the
gimple-ssa-sprintf.c pass where trusted strings can be more reliably
distinguished from potentially tainted ones. Let me see if I can do this in
GCC 8.
$ cat t.c && gcc -O2 -S -Wall -Wformat -Wformat-security t.c
void f (char *d)
{
const char* fmt = "";
__builtin_sprintf (d, fmt);
}
void g (char *d)
{
const char* const fmt = "";
if (*fmt)
__builtin_sprintf (d, fmt);
}
t.c: In function ‘f’:
t.c:4:5: warning: format not a string literal and no format arguments
[-Wformat-security]
__builtin_sprintf (d, fmt);
^
t.c: In function ‘g’:
t.c:9:27: warning: zero-length gnu_printf format string [-Wformat-zero-length]
const char* const fmt = "";
^~
[Bug c/79554] Zero length format string passed to fprintf under if statement causes error message
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=79554 Jakub Jelinek changed: What|Removed |Added CC||jakub at gcc dot gnu.org --- Comment #1 from Jakub Jelinek --- In the first macro fmt_ isn't defined at all (nor there is a fmt_ variable), so I doubt it compiles at all. And, in the second macro, the warning is 100% correct, fmt_ is a non-const variable, -Wformat-security is a FE warning, so can't rely on any optimizations etc. Probably const char *const fmt_ = fmt; should work, because then it should be able to look at the var's initializer.
