
"format not a string literal" warnings

From: Hyrum K. Wright <hyrum_wright_at_mail.utexas.edu>
Date: Mon, 10 Nov 2008 07:36:33 -0600

Hi all.

Since getting rid of the deprecated warnings, I've noticed a new set of warnings
showing themselves to me. This is with gcc 4.3.2 on Ubuntu Intrepid. For example:

subversion/svnlook/main.c: In function ‘print_diff_tree’:
subversion/svnlook/main.c:967: warning: format not a string literal and no
format arguments
subversion/svnlook/main.c:986: warning: format not a string literal and no
format arguments

These happen where we use code constructs such as:
SVN_ERR(svn_cmdline_printf(pool, header->data));

The concern here is that the variable could be untrusted and this could have
security implications. The "proper" way to do this is:
SVN_ERR(svn_cmdline_printf(pool, "%s", header->data));

Now, in lots of cases the string we're directly printing is completely
internally generated, so this is just an extra step (albeit one which silences a
warning). In other cases, this may be legitimately required. However, instead
of taking the time to audit the code and make the distinction, and for
consistency's sake, we may just want to change all these calls to use an explicit
format string.

Thoughts?

-Hyrum

Received on 2008-11-10 14:36:53 CET
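
The two call forms from the mail, side by side, as an added example that is not part of the original mail or of Subversion's code: `render` is a hypothetical buffer-writing stand-in for `svn_cmdline_printf`, and the sample string is constructed. It shows that data passed as the format is interpreted (`%%` collapses to `%`), while the explicit `"%s"` form leaves it untouched.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for svn_cmdline_printf; the attribute (GCC/Clang)
   is what lets the compiler check the format argument at each call. */
static int render(char *out, size_t n, const char *fmt, ...)
    __attribute__((format(printf, 3, 4)));
static int render(char *out, size_t n, const char *fmt, ...)
{
    va_list ap;
    int len;
    va_start(ap, fmt);
    len = vsnprintf(out, n, fmt, ap);
    va_end(ap);
    return (len < 0 || (size_t)len >= n) ? -1 : len;
}

#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wformat-security" /* deliberate "before" form */
/* Before: data is the format, so every '%' in it is interpreted. Only "%%" is
   exercised here; other conversions would read arguments never passed (UB). */
static int render_as_format(char *out, size_t n, const char *data)
{
    return render(out, n, data); /* the construct gcc warns about */
}
#pragma GCC diagnostic pop

/* After: the format is a literal and data is only ever an argument. */
static int render_as_data(char *out, size_t n, const char *data)
{
    return render(out, n, "%s", data);
}

/* Audit helper: a string without '%' gives identical output in both forms. */
static int is_format_neutral(const char *data)
{
    return strchr(data, '%') == NULL;
}

int main(void)
{
    const char *data = "progress: 100%% done"; /* constructed sample */
    char a[64], b[64];
    render_as_format(a, sizeof a, data);
    render_as_data(b, sizeof b, data);
    printf("as format: %s\nas data:   %s\n", a, b);
    return 0;
}
```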

This is an archived mail posted to the Subversion Dev mailing list.