https://gcc.gnu.org/bugzilla/show_bug.cgi?id=79554
Martin Sebor <msebor at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Keywords| |diagnostic
Status|UNCONFIRMED |ASSIGNED
Last reconfirmed| |2017-02-17
CC| |msebor at gcc dot gnu.org
Assignee|unassigned at gcc dot gnu.org |msebor at gcc dot
gnu.org
Ever confirmed|0 |1
--- Comment #2 from Martin Sebor <msebor at gcc dot gnu.org> ---
Unfortunately, because of the inherent limitations of the warning being
implemented in the front end, using a const char* const doesn't help. See the
test case below. I think this warning might be better handled in the
gimple-ssa-sprintf.c pass where trusted strings can be more reliably
distinguished from potentially tainted ones. Let me see if I can do this in
GCC 8.
$ cat t.c && gcc -O2 -S -Wall -Wformat -Wformat-security t.c
void f (char *d)
{
const char* fmt = "";
__builtin_sprintf (d, fmt);
}
void g (char *d)
{
const char* const fmt = "";
if (*fmt)
__builtin_sprintf (d, fmt);
}
t.c: In function āfā:
t.c:4:5: warning: format not a string literal and no format arguments
[-Wformat-security]
__builtin_sprintf (d, fmt);
^~~~~~~~~~~~~~~~~
t.c: In function āgā:
t.c:9:27: warning: zero-length gnu_printf format string [-Wformat-zero-length]
const char* const fmt = "";
^~
