"format not a string literal" warnings

From: Hyrum K. Wright <hyrum_wright_at_mail.utexas.edu>
Date: Mon, 10 Nov 2008 07:36:33 -0600

Hi all.

Since getting rid of the deprecated warnings, I've noticed a new set of warnings
showing themselves to me. This is with gcc 4.3.2 on Ubuntu Intrepid. For example:

subversion/svnlook/main.c: In function ‘print_diff_tree’:
subversion/svnlook/main.c:967: warning: format not a string literal and no
format arguments
subversion/svnlook/main.c:986: warning: format not a string literal and no
format arguments

These happen where we use code constructs such as:
SVN_ERR(svn_cmdline_printf(pool, header->data));

The concern here is that the variable could be untrusted and this could have
security implications. The "proper" way to do this is:
SVN_ERR(svn_cmdline_printf(pool, "%s", header->data));

Now, in lots of cases the string we're directly printing is completely
internally generated, so this is just an extra step (albeit one which silences a
warning). In other cases, this may be legitimately required. However, instead
of taking the time to audit the code and make the distinction, and for
consistency's sake, we may just want change all these calls to use an explicit
format string.

Thoughts?

-Hyrum

application/pgp-signature attachment: OpenPGP digital signature

Received on 2008-11-10 14:36:53 CET

This message: [ Message body ]
Next message: Greg Stein: "Re: "format not a string literal" warnings"
Previous message: Julian Foad: "Re: svn commit: r34117 - branches/tc-resolve"
Next in thread: Greg Stein: "Re: "format not a string literal" warnings"
Reply: Greg Stein: "Re: "format not a string literal" warnings"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]