Created attachment 25076 [details] test case When a function is declared as taking a printf or scanf format string, gcc gives a warning when a format string with invalid syntax is passed. It should also give a warning when a NULL format string is passed. How to reproduce: Save the test case file as foo.c. $ gcc -Wformat=2 -c foo.c [no warning] $ gcc -Wformat=2 -c foo.c -DDECLARE_NONNULL foo.c: In function 'foo': foo.c:10:3: warning: null argument where non-null required (argument 3) [-Wnonnull] Rationale: 1) ISO C 99 specifies that the printf and scanf format strings must be "multibyte character sequences"; that excludes NULL. See ISO C 99 sections 7.19.6.1 paragraph 3 and 7.19.6.2 paragraph 3. 2) Passing NULL as first argument to printf crashes the program on FreeBSD, Solaris, and other platforms.
Created attachment 25077 [details] test case (corrected)
I think it is better if the person adds nonnull attribute themselves rather than GCC adding it with the printf format.
Yeah, I agree with that.