[issue20948] -Wformat=2 -Wformat-security findings

2016-07-26 Thread Martin Panter
Martin Panter added the comment: GCC’s -Wformat options are documented at . We already enable -Wall by default, which implicitly enables -Wformat, but not -Wformat=2. Apparently, -Wformat=2 enables -Wformat-security,

[issue20948] -Wformat=2 -Wformat-security findings

2016-07-26 Thread Serhiy Storchaka
Serhiy Storchaka added the comment: Seems warnings are gone after adding the const qualifier to static constant arrays (issue25923). -- ___ Python tracker

[issue20948] -Wformat=2 -Wformat-security findings

2016-07-26 Thread Jeffrey Walton
Jeffrey Walton added the comment: On Tue, Jul 26, 2016 at 4:31 AM, Martin Panter wrote: > > Martin Panter added the comment: > > The Modules/main.c cases are not errors. They are just long strings defined > as static constants, rather than literals passed in directly. >

[issue20948] -Wformat=2 -Wformat-security findings

2016-07-26 Thread Martin Panter
Martin Panter added the comment: The Modules/main.c cases are not errors. They are just long strings defined as static constants, rather than literals passed in directly. I think we can close this now. Unless people think this warning is worth using, in which case we should find a way to work

[issue20948] -Wformat=2 -Wformat-security findings

2014-11-18 Thread Serhiy Storchaka
Changes by Serhiy Storchaka storch...@gmail.com: -- nosy: +haypo, pitrou, serhiy.storchaka ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue20948 ___

[issue20948] -Wformat=2 -Wformat-security findings

2014-11-18 Thread Roundup Robot
Roundup Robot added the comment: New changeset d6d2549340cb by Victor Stinner in branch 'default': Issue #20948: Inline makefmt() in unicode_fromformat_arg() https://hg.python.org/cpython/rev/d6d2549340cb -- nosy: +python-dev ___ Python tracker

[issue20948] -Wformat=2 -Wformat-security findings

2014-11-18 Thread STINNER Victor
STINNER Victor added the comment: The format parameter passed to sprintf() is created by makefmt() function. In Python 3.5, makefmt() has a few parameters. The code is simple and looks safe. The makefmt() function was much more complex in Python 3.3, it had more parameters: zeropad, width and

[issue20948] -Wformat=2 -Wformat-security findings

2014-03-16 Thread Jeffrey Walton
New submission from Jeffrey Walton: $ hg id 3736bf94535c+ tip -Wformat=2 -Wformat-security are useful for detecting possible security related bugs. Compiling with the two options produced a few hits in the source code. /usr/bin/gcc -pthread -c -Wno-unused-result

[issue20948] -Wformat=2 -Wformat-security findings

2014-03-16 Thread Jeffrey Walton
Jeffrey Walton added the comment: If interested, I think the warnings can be selectively turned off: #if defined (__GNUC__) ((__GNUC__ == 4 __GNUC_MINOR__ = 6) || (__GNUC__ = 5)) # pragma GCC diagnostic push # pragma GCC diagnostic ignored -Wformat-security #endif

[issue20948] -Wformat=2 -Wformat-security findings

2014-03-16 Thread Jeffrey Walton
Jeffrey Walton added the comment: #if defined (__GNUC__) ((__GNUC__ == 4 __GNUC_MINOR__ = 6) || (__GNUC__ = 5)) # pragma GCC diagnostic push # pragma GCC diagnostic ignored -Wformat-security #endif My bad... -Wformat-nonliteral -- ___ Python