This is the mail archive of the gcc@gcc.gnu.org mailing list for the GCC project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Re: -Wformat-security warnings generated in gcc build

From: Jakub Jelinek <jakub at redhat dot com>
To: Prathamesh Kulkarni <bilbotheelffriend at gmail dot com>
Cc: gcc <gcc at gcc dot gnu dot org>, "Joseph S. Myers" <joseph at codesourcery dot com>
Date: Tue, 21 Jan 2014 18:31:43 +0100
Subject: Re: -Wformat-security warnings generated in gcc build
Authentication-results: sourceware.org; auth=none
References: <CAJXstsAMh25uwq5tCL86izSEMyvVtbUj4YNrmbZpFoFNVD=1Mg at mail dot gmail dot com>
Reply-to: Jakub Jelinek <jakub at redhat dot com>

On Tue, Jan 21, 2014 at 09:09:25PM +0530, Prathamesh Kulkarni wrote:
> --- gcc/c/c-convert.c	(revision 206867)
> +++ gcc/c/c-convert.c	(working copy)
> @@ -79,7 +79,7 @@ convert (tree type, tree expr)
>    if ((invalid_conv_diag
>         = targetm.invalid_conversion (TREE_TYPE (expr), type)))
>      {
> -      error (invalid_conv_diag);
> +      error ("%s", invalid_conv_diag);

This looks wrong.  error/error_at/fatal_error and I think cpp_error
too mark the format string argument for translation (as in all these
cases the format string is actually a variable, not string literal,
that doesn't perform anything, supposedly the actual string literal
is marked with N_(...) earlier) and also the functions translate it using
gettext, which won't happen for the string passed to %s.
So I believe you actually need to use
      error ("%s", _(invalid_conv_diag));
etc. instead.  Of course not for the fprintf case.

	Jakub

References:
- -Wformat-security warnings generated in gcc build
  - From: Prathamesh Kulkarni

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]