On 2019-08-19 13:05, August Karlstrom wrote:
When I use the default C compiler cc on macOS to compile a parser
generated by GNU Bison I get the following warning:
y.tab.c:3974:18: warning: format string is not a string literal
(potentially insecure) [-Wformat-security]
yyerror (yymsgp);
^~~~~~
y.tab.c:3974:18: note: treat the string as an argument to avoid this
yyerror (yymsgp);
^
"%s",
As the warning suggests, GNU Bison should instead generate the call
yyerror ("%s", yymsgp);
That would almost certainly be wrong, since yyerror is a
one-argument function; its prototype is
void yyerror(const char *);
(That is, that's the default one. Various Bison options can change
the type signature. The presence of %locations %define api.pure
adds a parameter to yyerror, as does %parse-param.)
A parser that needs to have a printf-like function should define
it as an auxiliary, e.g.:
void yyerrorf(const char *fmt, ...)
{
/* vsnprintf into buffer */
/* call yyerror(buffer) */
}
Or possibly the other way around:
void yyerror(const char *nofmt)
{
yyerrorf("%s", nofmt);
}