Re: Format string check for dprintf(3)

2020-09-11 Thread Theo de Raadt
ok deraadt

Christian Weisgerber  wrote:

> Add format string checking annotations for dprintf(3) and vdprintf(3).
> 
> This was apparently forgotten when the functions were added.  It is
> required so the compiler can warn
> 
> t.c:25:25: warning: format string is not a string literal (potentially insecure) [-Wformat-security]
> dprintf(STDOUT_FILENO, msg);
>                        ^~~
> 
> Absent -Werror, I do not expect any fallout from this, but I ran a
> successful amd64 make build with it anyway.
> 
> ok?
> 
> Index: include/stdio.h
> ===
> RCS file: /cvs/src/include/stdio.h,v
> retrieving revision 1.53
> diff -u -p -r1.53 stdio.h
> --- include/stdio.h   9 Sep 2016 18:12:37 -   1.53
> +++ include/stdio.h   10 Sep 2020 15:07:08 -
> @@ -204,7 +204,9 @@ __END_DECLS
>  __BEGIN_DECLS
>  void  clearerr(FILE *);
>  #if __POSIX_VISIBLE >= 200809
> -int   dprintf(int, const char * __restrict, ...);
> +int   dprintf(int, const char * __restrict, ...)
> + __attribute__((__format__ (printf, 2, 3)))
> + __attribute__((__nonnull__ (2)));
>  #endif
>  int   fclose(FILE *);
>  int   feof(FILE *);
> @@ -266,7 +268,9 @@ intvfprintf(FILE *, const char *, __va
>  int   vprintf(const char *, __va_list);
>  int   vsprintf(char *, const char *, __va_list);
>  #if __POSIX_VISIBLE >= 200809
> -int   vdprintf(int, const char * __restrict, __va_list);
> +int   vdprintf(int, const char * __restrict, __va_list)
> + __attribute__((__format__ (printf, 2, 0)))
> + __attribute__((__nonnull__ (2)));
>  #endif
>  
>  #if __ISO_C_VISIBLE >= 1999 || __XPG_VISIBLE >= 500 || __BSD_VISIBLE
> -- 
> Christian "naddy" Weisgerber  na...@mips.inka.de
> 



Re: Format string check for dprintf(3)

2020-09-10 Thread Todd C . Miller
On Thu, 10 Sep 2020 20:19:14 +0200, Christian Weisgerber wrote:

> Absent -Werror, I do not expect any fallout from this, but I ran a
> successful amd64 make build with it anyway.

OK millert@

 - todd



Format string check for dprintf(3)

2020-09-10 Thread Christian Weisgerber
Add format string checking annotations for dprintf(3) and vdprintf(3).

This was apparently forgotten when the functions were added.  It is
required so the compiler can warn

t.c:25:25: warning: format string is not a string literal (potentially insecure) [-Wformat-security]
dprintf(STDOUT_FILENO, msg);
                       ^~~

Absent -Werror, I do not expect any fallout from this, but I ran a
successful amd64 make build with it anyway.

ok?

Index: include/stdio.h
===
RCS file: /cvs/src/include/stdio.h,v
retrieving revision 1.53
diff -u -p -r1.53 stdio.h
--- include/stdio.h 9 Sep 2016 18:12:37 -   1.53
+++ include/stdio.h 10 Sep 2020 15:07:08 -
@@ -204,7 +204,9 @@ __END_DECLS
 __BEGIN_DECLS
 voidclearerr(FILE *);
 #if __POSIX_VISIBLE >= 200809
-int dprintf(int, const char * __restrict, ...);
+int dprintf(int, const char * __restrict, ...)
+   __attribute__((__format__ (printf, 2, 3)))
+   __attribute__((__nonnull__ (2)));
 #endif
 int fclose(FILE *);
 int feof(FILE *);
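Review bot: In the dprintf() prototype the archetype is spelled `printf` while the attribute names themselves use the reserved `__format__` and `__nonnull__` spellings; in a system header, a program that defines a `printf` macro before including <stdio.h> would break this declaration, so `__printf__` is the safer spelling. The commit message also mentions only format string checking, while the hunk adds `__nonnull__ (2)` as well; the log should say so.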
@@ -266,7 +268,9 @@ int  vfprintf(FILE *, const char *, __va
 int vprintf(const char *, __va_list);
 int vsprintf(char *, const char *, __va_list);
 #if __POSIX_VISIBLE >= 200809
-int vdprintf(int, const char * __restrict, __va_list);
+int vdprintf(int, const char * __restrict, __va_list)
+   __attribute__((__format__ (printf, 2, 0)))
+   __attribute__((__nonnull__ (2)));
 #endif
 
 #if __ISO_C_VISIBLE >= 1999 || __XPG_VISIBLE >= 500 || __BSD_VISIBLE
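Review bot: `__nonnull__ (2)` on vdprintf() (and on dprintf() above) is more than a diagnostic: the compiler may assume the format pointer is never NULL when optimizing any code that sees this prototype, including the libc implementation if it includes this header, so a NULL check on the format there could be removed. It is worth confirming nothing depends on one. The `0` in `(printf, 2, 0)` is correct for a va_list function, but it means only the format string is checked, so variadic wrappers around vdprintf() need their own `__format__` annotation to get argument checking at their call sites.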
-- 
Christian "naddy" Weisgerber  na...@mips.inka.de
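
The annotation from the patch applied to a caller's own wrapper, as an added example that is not part of the original post or of OpenBSD's code. The names log_fd() and roundtrip_is_literal() and the sample strings are hypothetical, constructed for illustration.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Hypothetical wrapper, annotated like dprintf(3) in the patch so that
 * -Wformat and -Wformat-security also cover every call to log_fd(). */
int log_fd(int fd, const char *fmt, ...)
    __attribute__((__format__ (printf, 2, 3)));

int log_fd(int fd, const char *fmt, ...)
{
	va_list ap;
	int n;

	va_start(ap, fmt);
	n = vdprintf(fd, fmt, ap);	/* va_list form: arguments not checkable here */
	va_end(ap);
	return n;
}

/* Send short untrusted text through a pipe and read it back.
 * Returns 1 if the bytes arrive unchanged, 0 otherwise. */
int roundtrip_is_literal(const char *untrusted)
{
	char buf[128];
	int p[2], n, ok = 0;
	ssize_t got;

	if (pipe(p) == -1)
		return 0;
	/* log_fd(p[1], untrusted) is the call the warning flags: the input
	 * would be parsed as a format. Pass it as data to "%s" instead. */
	n = log_fd(p[1], "%s", untrusted);
	close(p[1]);		/* so read() sees EOF even for empty input */
	got = read(p[0], buf, sizeof(buf) - 1);
	close(p[0]);
	if (n == (int)strlen(untrusted) && got >= 0) {
		buf[got] = '\0';
		ok = strcmp(buf, untrusted) == 0;
	}
	return ok;
}

int main(void)
{
	/* Constructed sample input containing conversion specifiers. */
	return roundtrip_is_literal("100%s done %x %d") ? 0 : 1;
}
```

Building with -Wformat -Wformat-security and changing the call to log_fd(p[1], untrusted) produces the same class of warning quoted in the message.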