[Bug bootstrap/100431] Fixes to enable compiling with -Werror=format-security

Tue, 11 May 2021 06:58:31 -0700 

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=100431

--- Comment #4 from Jakub Jelinek <jakub at gcc dot gnu.org> ---
%< and %> are GCC diagnostics format specifiers, not printf.
They are more similar to e.g. GNU printf %m , something that doesn't take any
va_arg, but is interpreted.
Try
printf ("%m\n");
vs.
printf ("%s", "%m\n");
to see the difference.
Anyway, for this case either using the conditional directly in the
cpp_warning_with_line argument instead of in initializer of a temporary, or two
cpp_warning_with_line calls each with a separate string would do.
Anyway, I strongly doubt your patch covers everything, I can see e.g.
gcc/c/c-convert.c:81:31: warning: format not a string literal and no format
arguments [-Wformat-security]
gcc/c/c-typeck.c:3681:28: warning: format not a string literal and no format
arguments [-Wformat-security]
gcc/c/c-typeck.c:4433:42: warning: format not a string literal and no format
arguments [-Wformat-security]
gcc/c/c-typeck.c:6587:43: warning: format not a string literal and no format
arguments [-Wformat-security]
gcc/c/c-typeck.c:11679:42: warning: format not a string literal and no format
arguments [-Wformat-security]
gcc/c-family/c-common.c:6358:30: warning: format not a string literal and no
format arguments [-Wformat-security]
gcc/c-family/c-common.c:6362:33: warning: format not a string literal and no
format arguments [-Wformat-security]
gcc/fold-const.c:303:42: warning: format not a string literal and no format
arguments [-Wformat-security]
gcc/ipa-devirt.c:951:47: warning: format not a string literal and no format
arguments [-Wformat-security]
gcc/analyzer/program-state.cc:1153:20: warning: format not a string literal and
no format arguments [-Wformat-security]
gcc/diagnostic.c:1887:52: warning: format not a string literal and no format
arguments [-Wformat-security]
gcc/cp/cvt.c:725:26: warning: format not a string literal and no format
arguments [-Wformat-security]
gcc/cp/error.c:799:20: warning: spurious leading punctuation sequence ‘<’ in
format [-Wformat-diag]
gcc/cp/error.c:799:20: warning: spurious trailing punctuation sequence ‘>’ in
format [-Wformat-diag]
gcc/cp/error.c:799:20: warning: spurious leading punctuation sequence ‘<’ in
format [-Wformat-diag]
gcc/cp/error.c:799:20: warning: spurious trailing punctuation sequence ‘>’ in
format [-Wformat-diag]
gcc/cp/decl.c:3485:22: warning: format not a string literal and no format
arguments [-Wformat-security]
gcc/cp/typeck.c:4721:24: warning: format not a string literal and no format
arguments [-Wformat-security]
gcc/cp/typeck.c:6630:24: warning: format not a string literal and no format
arguments [-Wformat-security]
gcc/cp/pt.c:19640:20: warning: format not a string literal and no format
arguments [-Wformat-security]
gcc/collect2.c:2422:37: warning: format not a string literal and no format
arguments [-Wformat-security]
gcc/collect-utils.c:200:37: warning: format not a string literal and no format
arguments [-Wformat-security]
gcc/lto-wrapper.c:1606:31: warning: format not a string literal and no format
arguments [-Wformat-security]
and you've only touched the gcc/diagnostic.c case from that.

Reply via email to