This is the mail archive of the
gcc@gcc.gnu.org
mailing list for the GCC project.
Re: -Wformat-security warnings generated in gcc build
- From: Jakub Jelinek <jakub at redhat dot com>
- To: Prathamesh Kulkarni <bilbotheelffriend at gmail dot com>
- Cc: gcc <gcc at gcc dot gnu dot org>, "Joseph S. Myers" <joseph at codesourcery dot com>
- Date: Tue, 21 Jan 2014 18:31:43 +0100
- Subject: Re: -Wformat-security warnings generated in gcc build
- Authentication-results: sourceware.org; auth=none
- References: <CAJXstsAMh25uwq5tCL86izSEMyvVtbUj4YNrmbZpFoFNVD=1Mg at mail dot gmail dot com>
- Reply-to: Jakub Jelinek <jakub at redhat dot com>
On Tue, Jan 21, 2014 at 09:09:25PM +0530, Prathamesh Kulkarni wrote:
> --- gcc/c/c-convert.c (revision 206867)
> +++ gcc/c/c-convert.c (working copy)
> @@ -79,7 +79,7 @@ convert (tree type, tree expr)
> if ((invalid_conv_diag
> = targetm.invalid_conversion (TREE_TYPE (expr), type)))
> {
> - error (invalid_conv_diag);
> + error ("%s", invalid_conv_diag);
This looks wrong. error/error_at/fatal_error and I think cpp_error
too mark the format string argument for translation (as in all these
cases the format string is actually a variable, not string literal,
that doesn't perform anything, supposedly the actual string literal
is marked with N_(...) earlier) and also the functions translate it using
gettext, which won't happen for the string passed to %s.
So I believe you actually need to use
error ("%s", _(invalid_conv_diag));
etc. instead. Of course not for the fprintf case.
Jakub