https://gcc.gnu.org/bugzilla/show_bug.cgi?id=100431
--- Comment #4 from Jakub Jelinek <jakub at gcc dot gnu.org> --- %< and %> are GCC diagnostics format specifiers, not printf. They are more similar to e.g. GNU printf %m , something that doesn't take any va_arg, but is interpreted. Try printf ("%m\n"); vs. printf ("%s", "%m\n"); to see the difference. Anyway, for this case either using the conditional directly in the cpp_warning_with_line argument instead of in initializer of a temporary, or two cpp_warning_with_line calls each with a separate string would do. Anyway, I strongly doubt your patch covers everything, I can see e.g. gcc/c/c-convert.c:81:31: warning: format not a string literal and no format arguments [-Wformat-security] gcc/c/c-typeck.c:3681:28: warning: format not a string literal and no format arguments [-Wformat-security] gcc/c/c-typeck.c:4433:42: warning: format not a string literal and no format arguments [-Wformat-security] gcc/c/c-typeck.c:6587:43: warning: format not a string literal and no format arguments [-Wformat-security] gcc/c/c-typeck.c:11679:42: warning: format not a string literal and no format arguments [-Wformat-security] gcc/c-family/c-common.c:6358:30: warning: format not a string literal and no format arguments [-Wformat-security] gcc/c-family/c-common.c:6362:33: warning: format not a string literal and no format arguments [-Wformat-security] gcc/fold-const.c:303:42: warning: format not a string literal and no format arguments [-Wformat-security] gcc/ipa-devirt.c:951:47: warning: format not a string literal and no format arguments [-Wformat-security] gcc/analyzer/program-state.cc:1153:20: warning: format not a string literal and no format arguments [-Wformat-security] gcc/diagnostic.c:1887:52: warning: format not a string literal and no format arguments [-Wformat-security] gcc/cp/cvt.c:725:26: warning: format not a string literal and no format arguments [-Wformat-security] gcc/cp/error.c:799:20: warning: spurious leading punctuation sequence ‘<’ in format [-Wformat-diag] gcc/cp/error.c:799:20: warning: spurious trailing punctuation sequence ‘>’ in format [-Wformat-diag] gcc/cp/error.c:799:20: warning: spurious leading punctuation sequence ‘<’ in format [-Wformat-diag] gcc/cp/error.c:799:20: warning: spurious trailing punctuation sequence ‘>’ in format [-Wformat-diag] gcc/cp/decl.c:3485:22: warning: format not a string literal and no format arguments [-Wformat-security] gcc/cp/typeck.c:4721:24: warning: format not a string literal and no format arguments [-Wformat-security] gcc/cp/typeck.c:6630:24: warning: format not a string literal and no format arguments [-Wformat-security] gcc/cp/pt.c:19640:20: warning: format not a string literal and no format arguments [-Wformat-security] gcc/collect2.c:2422:37: warning: format not a string literal and no format arguments [-Wformat-security] gcc/collect-utils.c:200:37: warning: format not a string literal and no format arguments [-Wformat-security] gcc/lto-wrapper.c:1606:31: warning: format not a string literal and no format arguments [-Wformat-security] and you've only touched the gcc/diagnostic.c case from that.