string - Valid printf() statements in C -

-

given that:

char *message = "hello, world"; char *format  = "x=%i\n"; int x = 10;

why printf (message); invalid (i.e. rejected compiler being potentially insecure) , printf (format, x); isn't?

is format treated string literal in case , message format string? if so, why?


update

know why printf (message); rejected. question is, why printf (format, x); not rejected too.

i'm using clang. error message printf (message); format string not string literal (potentially insecure).

it compiles fine under gcc. appear compiler specific , how clang sets warnings.

you can warning in both cases enabling -wformat-nonliteral option, not included in either -wall or -wextra (but is in -weverything).

for whatever reason, seems intentional design decision emit security warning when non-literal printf statement takes no additional arguments. source code emits warning can found in lib/sema/semachecking.cpp:

  // if there no arguments specified, warn -wformat-security, otherwise   // warn -wformat-nonliteral.   if (args.size() == firstdataarg)     diag(args[format_idx]->getlocstart(),          diag::warn_format_nonliteral_noargs)       << origformatexpr->getsourcerange();   else     diag(args[format_idx]->getlocstart(),          diag::warn_format_nonliteral)            << origformatexpr->getsourcerange();

i'd guess compatibility existing legacy code, that's pure speculation.


Comments

Post a Comment

Popular posts from this blog

google api - Incomplete response from Gmail API threads.list -

-
i plot number of emails in inbox on time using gmail api , i'm seeing lot of drop-outs, whatever reason i'm getting incomplete count of messages @ single time points. my plots here: https://plot.ly/~tdsmith/2 -- "drop-outs" i'm complaining trace shoots downwards , recovers previous level @ next timepoint. the code i'm using count emails here: https://github.com/tdsmith/gmail-plotly/blob/master/gmail-plotly.py#l47-l64 what can diagnose these faults?
Read more

Installing Android SQLite Asset Helper -

-
i need use ready made database. search solution on internet did not work until decided use mentioned library found here . however, found hard use library in installation procedures shallow beginners. i appreciate step step procedure on how use android studio. in struggle tried copying sources main/libs , adding line gradle did not work. use api 19 if helps. update here build.gradle // top-level build file can add configuration options common sub-projects/modules. buildscript { repositories { mavencentral() } dependencies { classpath 'com.android.tools.build:gradle:0.11.+' compile 'com.readystatesoftware.sqliteasset:sqliteassethelper:+' // note: not place application dependencies here; belong // in individual module build.gradle files } } allprojects { repositories { mavencentral() } } trying compile project error error:(9, 0) no signature of method: org.gradle.api.internal.artifacts
Read more

Qt Creator - Searching files with Locator including folder -

-
one quick question qtcreator : know possible use locator open files using "ctrl-k" shortcut. however, possible search files including locations? for example, let's want locate file named "main.cpp" in folder named "myfolder" , have lots of other main.cpp files. what should type locator in order open ? just type myfolder/main.cpp in locator
Read more