* [RFC] build: Enable -Wformat -Wformat-security in maintainer mode
From: Szymon Janc @ 2014-12-29 12:49 UTC
To: linux-bluetooth; +Cc: Szymon Janc
__attribute__((format(printf))) doesn't seem to catch a missing format
string in a function call, i.e.
char *p = "foo";
printf(p);
vs
printf("%s", p);
Enabling -Wformat -Wformat-security warns in such a case.
---
This should allow bugs like those fixed in the patch
"Add missing format specifiers in src/error.c" sent by
Mariusz to be caught early.
acinclude.m4 | 1 +
1 file changed, 1 insertion(+)
diff --git a/acinclude.m4 b/acinclude.m4
index 960d54c..bc39c6d 100644
--- a/acinclude.m4
+++ b/acinclude.m4
@@ -21,6 +21,7 @@ AC_DEFUN([COMPILER_FLAGS], [
with_cflags="$with_cflags -Wredundant-decls"
with_cflags="$with_cflags -Wcast-align"
with_cflags="$with_cflags -Wswitch-enum"
+ with_cflags="$with_cflags -Wformat -Wformat-security"
with_cflags="$with_cflags -DG_DISABLE_DEPRECATED"
with_cflags="$with_cflags -DGLIB_VERSION_MIN_REQUIRED=GLIB_VERSION_2_28"
with_cflags="$with_cflags -DGLIB_VERSION_MAX_ALLOWED=GLIB_VERSION_2_28"
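Review bot: On the added with_cflags line, -Wformat-security only reports a non-literal format string when the call passes no format arguments, so printf(p) is flagged but a call such as printf(p, x) with a non-literal p is not. If that wider case matters here, consider -Wformat=2 (which includes -Wformat-security and -Wformat-nonliteral), or state in the commit message that only the no-argument case is covered.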
--
1.9.3
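
The printf(p) vs printf("%s", p) difference from the commit message, as an added example that is not part of the original post or of BlueZ. The wrapper log_to_buf() and both callers are hypothetical names, and the device name is a constructed sample; the pragma silences the warning only so that the "before" form builds everywhere.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical logging wrapper (not from BlueZ). The format attribute marks
 * argument 3 as a printf-style format string, so -Wformat and
 * -Wformat-security are applied to callers of this function too. */
__attribute__((format(printf, 3, 4)))
static int log_to_buf(char *out, size_t len, const char *fmt, ...)
{
	va_list ap;
	int n;

	va_start(ap, fmt);
	n = vsnprintf(out, len, fmt, ap);
	va_end(ap);
	return n;
}

/* Before: the message itself is used as the format string. */
static int log_unchecked(char *out, size_t len, const char *msg)
{
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wformat-security"
	/* Without the pragma, -Wformat -Wformat-security reports here:
	 * "format not a string literal and no format arguments". */
	return log_to_buf(out, len, msg);
#pragma GCC diagnostic pop
}

/* After: constant format string, message passed as data. */
static int log_checked(char *out, size_t len, const char *msg)
{
	return log_to_buf(out, len, "%s", msg);
}

int main(void)
{
	/* Constructed sample: a device name that contains "%%". */
	const char *name = "dev%%01";
	char a[32], b[32];

	log_unchecked(a, sizeof(a), name);	/* name parsed as a format */
	log_checked(b, sizeof(b), name);	/* name copied verbatim */
	printf("as format: %s\nas data:   %s\n", a, b);
	return 0;
}
```

The two buffers differ because the unchecked call lets the data be interpreted as conversion specifications, which is the class of bug the new flags report at build time.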
* Re: [RFC] build: Enable -Wformat -Wformat-security in maintainer mode
From: Luiz Augusto von Dentz @ 2014-12-29 14:32 UTC
To: Szymon Janc; +Cc: linux-bluetooth@vger.kernel.org
Hi Szymon,
On Mon, Dec 29, 2014 at 10:49 AM, Szymon Janc <szymon.janc@tieto.com> wrote:
> __attribute__((format(printf))) doesn't seem to catch missing format
> string in function call ie.
>
> char *p = "foo";
>
> printf(p);
> vs
> printf("%s", p);
>
> Enabling -Wformat -Wformat-security warns in such case.
> ---
>
> This should allow to early catch bugs like those fixed in
> patch "Add missing format specifiers in src/error.c" sent by
> Mariusz.
>
> acinclude.m4 | 1 +
> 1 file changed, 1 insertion(+)
>
> diff --git a/acinclude.m4 b/acinclude.m4
> index 960d54c..bc39c6d 100644
> --- a/acinclude.m4
> +++ b/acinclude.m4
> @@ -21,6 +21,7 @@ AC_DEFUN([COMPILER_FLAGS], [
> with_cflags="$with_cflags -Wredundant-decls"
> with_cflags="$with_cflags -Wcast-align"
> with_cflags="$with_cflags -Wswitch-enum"
> + with_cflags="$with_cflags -Wformat -Wformat-security"
> with_cflags="$with_cflags -DG_DISABLE_DEPRECATED"
> with_cflags="$with_cflags -DGLIB_VERSION_MIN_REQUIRED=GLIB_VERSION_2_28"
> with_cflags="$with_cflags -DGLIB_VERSION_MAX_ALLOWED=GLIB_VERSION_2_28"
> --
> 1.9.3
+1, at least I don't see any reason not to enable it.
--
Luiz Augusto von Dentz
* Re: [RFC] build: Enable -Wformat -Wformat-security in maintainer mode
From: Marcel Holtmann @ 2014-12-29 17:42 UTC
To: Szymon Janc; +Cc: linux-bluetooth
Hi Szymon,
> __attribute__((format(printf))) doesn't seem to catch missing format
> string in function call ie.
>
> char *p = "foo";
>
> printf(p);
> vs
> printf("%s", p);
>
> Enabling -Wformat -Wformat-security warns in such case.
> ---
>
> This should allow to early catch bugs like those fixed in
> patch "Add missing format specifiers in src/error.c" sent by
> Mariusz.
>
> acinclude.m4 | 1 +
> 1 file changed, 1 insertion(+)
>
> diff --git a/acinclude.m4 b/acinclude.m4
> index 960d54c..bc39c6d 100644
> --- a/acinclude.m4
> +++ b/acinclude.m4
> @@ -21,6 +21,7 @@ AC_DEFUN([COMPILER_FLAGS], [
> with_cflags="$with_cflags -Wredundant-decls"
> with_cflags="$with_cflags -Wcast-align"
> with_cflags="$with_cflags -Wswitch-enum"
> + with_cflags="$with_cflags -Wformat -Wformat-security"
> with_cflags="$with_cflags -DG_DISABLE_DEPRECATED"
> with_cflags="$with_cflags -DGLIB_VERSION_MIN_REQUIRED=GLIB_VERSION_2_28"
> with_cflags="$with_cflags -DGLIB_VERSION_MAX_ALLOWED=GLIB_VERSION_2_28"
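Review bot: As far as this hunk shows, the added -Wformat -Wformat-security line only produces warnings, so a new printf(p)-style call still builds in maintainer mode. If the intent is to keep such calls from being committed, -Werror=format-security on the same with_cflags line would turn them into build failures.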
no objections from my side. However I had gcc versions where this one was enabled by default.
Regards
Marcel
* Re: [RFC] build: Enable -Wformat -Wformat-security in maintainer mode
From: Szymon Janc @ 2014-12-29 18:11 UTC
To: Marcel Holtmann; +Cc: linux-bluetooth
Hi Marcel,
On Monday 29 of December 2014 09:42:46 Marcel Holtmann wrote:
> Hi Szymon,
>
> > __attribute__((format(printf))) doesn't seem to catch missing format
> > string in function call ie.
> >
> > char *p = "foo";
> >
> > printf(p);
> > vs
> > printf("%s", p);
> >
> > Enabling -Wformat -Wformat-security warns in such case.
> > ---
> >
> > This should allow to early catch bugs like those fixed in
> > patch "Add missing format specifiers in src/error.c" sent by
> > Mariusz.
> >
> > acinclude.m4 | 1 +
> > 1 file changed, 1 insertion(+)
> >
> > diff --git a/acinclude.m4 b/acinclude.m4
> > index 960d54c..bc39c6d 100644
> > --- a/acinclude.m4
> > +++ b/acinclude.m4
> > @@ -21,6 +21,7 @@ AC_DEFUN([COMPILER_FLAGS], [
> >
> > with_cflags="$with_cflags -Wredundant-decls"
> > with_cflags="$with_cflags -Wcast-align"
> > with_cflags="$with_cflags -Wswitch-enum"
> >
> > + with_cflags="$with_cflags -Wformat -Wformat-security"
> >
> > with_cflags="$with_cflags -DG_DISABLE_DEPRECATED"
> > with_cflags="$with_cflags -
DGLIB_VERSION_MIN_REQUIRED=GLIB_VERSION_2_28"
> > with_cflags="$with_cflags -
DGLIB_VERSION_MAX_ALLOWED=GLIB_VERSION_2_28"
>
> no objections from my side. However I had gcc versions where this one was
> enabled by default.
It looks like Ubuntu 13.04 and newer enable format-security by default.
Maybe some other distros do the same, yet at least F20 doesn't.
--
BR
Szymon Janc
* Re: [RFC] build: Enable -Wformat -Wformat-security in maintainer mode
From: Szymon Janc @ 2015-01-02 17:03 UTC
To: linux-bluetooth
On Monday 29 of December 2014 13:49:22 Szymon Janc wrote:
> __attribute__((format(printf))) doesn't seem to catch missing format
> string in function call ie.
>
> char *p = "foo";
>
> printf(p);
> vs
> printf("%s", p);
>
> Enabling -Wformat -Wformat-security warns in such case.
> ---
>
> This should allow to early catch bugs like those fixed in
> patch "Add missing format specifiers in src/error.c" sent by
> Mariusz.
>
> acinclude.m4 | 1 +
> 1 file changed, 1 insertion(+)
>
> diff --git a/acinclude.m4 b/acinclude.m4
> index 960d54c..bc39c6d 100644
> --- a/acinclude.m4
> +++ b/acinclude.m4
> @@ -21,6 +21,7 @@ AC_DEFUN([COMPILER_FLAGS], [
> with_cflags="$with_cflags -Wredundant-decls"
> with_cflags="$with_cflags -Wcast-align"
> with_cflags="$with_cflags -Wswitch-enum"
> + with_cflags="$with_cflags -Wformat -Wformat-security"
> with_cflags="$with_cflags -DG_DISABLE_DEPRECATED"
> with_cflags="$with_cflags -
DGLIB_VERSION_MIN_REQUIRED=GLIB_VERSION_2_28"
> with_cflags="$with_cflags -
DGLIB_VERSION_MAX_ALLOWED=GLIB_VERSION_2_28"
Applied.
--
BR
Szymon Janc