Re: [Xen-devel] [PATCH 4/5] kconfig: disable non-literal format string warnings

Wed, 26 Jun 2019 09:23:39 -0700 

On 26/06/2019 16:20, Roger Pau Monné wrote:
> On Wed, Jun 26, 2019 at 08:45:27AM -0600, Jan Beulich wrote:
>>>>> On 26.06.19 at 15:55, <roger....@citrix.com> wrote:
>>> Kconfig makes heavy use of non-literals as format strings, disable
>>> compiler warnings since this is expected usage.
>> I've never seen any with any version of gcc - are there more
>> aspects to be mentioned here?
> Oh, I've always seen them with clang. Not sure why gcc doesn't show
> such warnings.
>
> clang -Wp,-MD,tools/kconfig/.conf.o.d    -DCURSES_LOC="<ncurses.h>" -DLOCALE 
> -DKBUILD_NO_NLS  -c -o tools/kconfig/conf.o tools/kconfig/conf.c
> tools/kconfig/conf.c:77:10: warning: format string is not a string literal 
> (potentially insecure)
>       [-Wformat-security]
>                 printf(_("aborted!\n\n"));
>                        ^~~~~~~~~~~~~~~~~
> tools/kconfig/lkc.h:34:17: note: expanded from macro '_'
> #define _(text) gettext(text)
>                 ^~~~~~~~~~~~~
> tools/kconfig/conf.c:77:10: note: treat the string as an argument to avoid 
> this
>                 printf(_("aborted!\n\n"));
>                        ^
>                        "%s",
> tools/kconfig/lkc.h:34:17: note: expanded from macro '_'
> #define _(text) gettext(text)
>                 ^
> tools/kconfig/conf.c:78:10: warning: format string is not a string literal 
> (potentially insecure)
>       [-Wformat-security]
>                 printf(_("Console input/output is redirected. "));
>                        ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> tools/kconfig/lkc.h:34:17: note: expanded from macro '_'
> #define _(text) gettext(text)
>                 ^~~~~~~~~~~~~
> tools/kconfig/conf.c:78:10: note: treat the string as an argument to avoid 
> this
>                 printf(_("Console input/output is redirected. "));
>                        ^
>                        "%s",
> tools/kconfig/lkc.h:34:17: note: expanded from macro '_'
> #define _(text) gettext(text)
>                 ^

Clang is correct and GCC is wrong.  This code is plain buggy.

Its trivial to arrange for gettext to return a string with a % in it.

These want fixing to "%s", _(), or to use puts().

It looks like Linux has dropped the use of gettext in the first place. 
Look like c/s 694c49a7c01cc87194be40cb26404b58b68c291c wants backporting.

~Andrew

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel

Reply via email to