MISRA C Rule 17.1 prohibits the use of the features that support variadic functions. Make the deviation already in place for controlled use of such features more general, relying on the presence of the `format' attribute on the function declaration.
Add attributes where missing in order to avoid special-casing certain functions that use variadic arguments.
Signed-off-by: Nicola Vetrini <[email protected]>
---
CI pipeline: https://gitlab.com/xen-project/people/bugseng/xen/-/pipelines/2239414827
---
 automation/eclair_analysis/ECLAIR/deviations.ecl | 12 +++++-------
 docs/misra/deviations.rst | 4 ++--
 xen/common/libelf/libelf-private.h | 4 +++-
 xen/drivers/char/console.c | 4 +++-
 4 files changed, 13 insertions(+), 11 deletions(-)
diff --git a/automation/eclair_analysis/ECLAIR/deviations.ecl b/automation/eclair_analysis/ECLAIR/deviations.ecl
index 219ba6993b90..7dee4a488d45 100644
--- a/automation/eclair_analysis/ECLAIR/deviations.ecl
+++ b/automation/eclair_analysis/ECLAIR/deviations.ecl
@@ -570,13 +570,11 @@ safe."
 # Series 17.
 #

--doc_begin="printf()-like functions are allowed to use the variadic features provided by stdarg.h."
--config=MC3A2.R17.1,reports+={deliberate,"any_area(^.*va_list.*$&&context(ancestor_or_self(^.*printk\\(.*\\)$)))"}
--config=MC3A2.R17.1,reports+={deliberate,"any_area(^.*va_list.*$&&context(ancestor_or_self(^.*printf\\(.*\\)$)))"}
--config=MC3A2.R17.1,reports+={deliberate,"any_area(^.*va_list.*$&&context(ancestor_or_self(name(panic)&&kind(function))))"}
--config=MC3A2.R17.1,reports+={deliberate,"any_area(^.*va_list.*$&&context(ancestor_or_self(name(elf_call_log_callback)&&kind(function))))"}
--config=MC3A2.R17.1,reports+={deliberate,"any_area(^.*va_list.*$&&context(ancestor_or_self(name(vprintk_common)&&kind(function))))"}
--config=MC3A2.R17.1,macros+={hide , "^va_(arg|start|copy|end)$"}
+-doc_begin="printf()-like or scanf()-like functions are allowed to use the variadic features provided by stdarg.h,
+provided that they are declared using the `format' attribute."
+-decl_selector+={format_attr, "property(format)"}
+-config=MC3A2.R17.1,reports+={deliberate, "any_area(^.*va_list.*$&&context(ancestor_or_self(format_attr)))"}
+-config=MC3A2.R17.1,macros+={deliberate , "^va_(arg|start|copy|end)$"}
 -doc_end

 -doc_begin="Not using the return value of a function does not endanger safety if it coincides with an actual argument."
diff --git a/docs/misra/deviations.rst b/docs/misra/deviations.rst
index b3431ef24e26..584907b048ec 100644
--- a/docs/misra/deviations.rst
+++ b/docs/misra/deviations.rst
@@ -570,8 +570,8 @@ Deviations related to MISRA C:2012 Rules:
 - Tagged as `deliberate` for ECLAIR.

 * - R17.1
- - printf()-like functions are allowed to use the variadic features provided
- by `stdarg.h`.
+ - printf()-like or scanf()-like functions are allowed to use the variadic
+ features provided by `stdarg.h`.
 - Tagged as `deliberate` for ECLAIR.

 * - R17.7
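Review bot: The new `macros+={deliberate , "^va_(arg|start|copy|end)$"}` line is not tied to the `format_attr` selector, so uses of the va_* macros appear to be tagged deliberate in any function, while the `-doc_begin` text limits the deviation to functions declared with the format attribute. If ECLAIR applies the macro rule independently of the `reports` rule, a variadic function without the attribute might no longer surface as an open Rule 17.1 finding; it is worth confirming with a test function that carries no attribute. `property(format)` presumably matches every format archetype rather than only printf and scanf, which the justification text could state. The docs/misra/deviations.rst hunk that follows adds "or scanf()-like" but omits the condition, so that entry should end with `provided that they are declared using the format attribute` to agree with the ECLAIR text.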
diff --git a/xen/common/libelf/libelf-private.h b/xen/common/libelf/libelf-private.h
index e5c9cc109972..239d000f49d1 100644
--- a/xen/common/libelf/libelf-private.h
+++ b/xen/common/libelf/libelf-private.h
@@ -84,7 +84,9 @@
 #define elf_err(elf, fmt, args ... ) \
 elf_call_log_callback(elf, 1, fmt , ## args );

-void elf_call_log_callback(struct elf_binary*, bool iserr, const char *fmt,...);
+void
+__attribute__ ((format (printf, 3, 4)))
+elf_call_log_callback(struct elf_binary*, bool iserr, const char *fmt, ...);

 #define safe_strcpy(d,s) \
 do { strncpy((d),(s),sizeof((d))-1); \
diff --git a/xen/drivers/char/console.c b/xen/drivers/char/console.c
index a99605103552..2bdb4d5fb417 100644
--- a/xen/drivers/char/console.c
+++ b/xen/drivers/char/console.c
@@ -969,7 +969,9 @@ static void printk_start_of_line(const char *prefix)
 __putstr(tstr);
 }

-static void vprintk_common(const char *fmt, va_list args, const char *prefix)
+static void
+__attribute__ ((format (printf, 1, 0)))
+vprintk_common(const char *fmt, va_list args, const char *prefix)
 {
 struct vps {
 bool continued, do_print;
--
2.43.0
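Review bot: Nothing at the elf_call_log_callback() prototype records that the added attribute now does two jobs: it lets the compiler check the format string and arguments of every elf_msg()/elf_err() call, and it makes the function match the `format_attr` selector that the Rule 17.1 deviation relies on. A later cleanup that drops the attribute would silently lose the format checking on the log path and turn the function back into a reported violation. I would add a comment above the prototype such as `/* format attribute: checked by the compiler and required by the MISRA R17.1 deviation. */`; the same applies to vprintk_common() in xen/drivers/char/console.c. The indices 3 and 4 match the position of `fmt` and of the first variadic argument in the prototype shown.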
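Review bot: `format (printf, 1, 0)` on vprintk_common() gives the compiler no arguments to check, because with a first-to-check index of 0 only the format string itself is inspected and the values arrive as a `va_list`. The attribute here therefore mainly serves to match the `format_attr` selector, and the argument checking that justifies the deviation has to come from the variadic callers that build the `va_list`. Those callers are not visible in this hunk, so it is worth confirming that each of them carries its own `format (printf, n, n+1)` attribute. A short comment such as `/* va_list variant: arguments are checked at the variadic callers. */` above the definition would record that. The body of vprintk_common() continues past the end of the hunk.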
