From: Paolo Bonzini <pbonzini@redhat.com>
To: qemu-devel@nongnu.org
Cc: "Daniel P. Berrangé" <berrange@redhat.com>
Subject: [PULL 14/29] enforce use of G_GNUC_PRINTF attributes
Date: Tue, 10 Jan 2023 17:02:18 +0100 [thread overview]
Message-ID: <20230110160233.339771-15-pbonzini@redhat.com> (raw)
In-Reply-To: <20230110160233.339771-1-pbonzini@redhat.com>
From: Daniel P. Berrangé <berrange@redhat.com>
We've been very gradually adding G_GNUC_PRINTF annotations
to functions over years. This has been useful in detecting
certain malformed printf strings, or cases where we pass
user data as the printf format which is a potential security
flaw.
Given the inherant memory corruption danger in use of format
strings vs mis-matched variadic arguments, it is worth applying
G_GNUC_PRINTF to all functions using printf, even if we know
they are safe.
The compilers can reasonably reliably identify such places
with the -Wsuggest-attribute=format / -Wmissing-format-attribute
flags.
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Message-Id: <20221219130205.687815-7-berrange@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
configure | 2 ++
1 file changed, 2 insertions(+)
diff --git a/configure b/configure
index 6f5e77a71361..203b957a045f 100755
--- a/configure
+++ b/configure
@@ -1183,6 +1183,8 @@ add_to warn_flags -Wnested-externs
add_to warn_flags -Wendif-labels
add_to warn_flags -Wexpansion-to-defined
add_to warn_flags -Wimplicit-fallthrough=2
+add_to warn_flags -Wsuggest-attribute=format
+add_to warn_flags -Wmissing-format-attribute
nowarn_flags=
add_to nowarn_flags -Wno-initializer-overrides
--
2.38.1
next prev parent reply other threads:[~2023-01-10 16:58 UTC|newest]
Thread overview: 37+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-01-10 16:02 [PULL 00/29] Misc patches for 2023-01-10 Paolo Bonzini
2023-01-10 16:02 ` [PULL 01/29] configure: fix GLIB_VERSION for cross-compilation Paolo Bonzini
2023-01-10 16:02 ` [PULL 02/29] i386: Emit correct error code for 64-bit IDT entry Paolo Bonzini
2023-01-10 16:02 ` [PULL 03/29] accel: introduce accelerator blocker API Paolo Bonzini
2023-01-10 16:02 ` [PULL 04/29] KVM: keep track of running ioctls Paolo Bonzini
2023-01-10 16:02 ` [PULL 05/29] kvm: Atomic memslot updates Paolo Bonzini
2023-01-10 16:02 ` [PULL 06/29] target/i386: Remove compilation errors when -Werror=maybe-uninitialized Paolo Bonzini
2023-01-10 17:19 ` Eric Auger
2023-01-11 9:18 ` Paolo Bonzini
2023-01-11 10:03 ` Philippe Mathieu-Daudé
2023-01-10 16:02 ` [PULL 07/29] chardev: clean up chardev-parallel.c Paolo Bonzini
2023-01-10 16:02 ` [PULL 08/29] gitlab: remove redundant setting of PKG_CONFIG_PATH Paolo Bonzini
2023-01-10 16:40 ` Daniel P. Berrangé
2023-01-11 9:20 ` Paolo Bonzini
2023-01-11 10:18 ` Philippe Mathieu-Daudé
2023-01-10 16:02 ` [PULL 09/29] disas: add G_GNUC_PRINTF to gstring_printf Paolo Bonzini
2023-01-10 16:02 ` [PULL 10/29] hw/xen: use G_GNUC_PRINTF/SCANF for various functions Paolo Bonzini
2023-01-10 16:02 ` [PULL 11/29] tools/virtiofsd: add G_GNUC_PRINTF for logging functions Paolo Bonzini
2023-01-10 16:02 ` [PULL 12/29] util/error: add G_GNUC_PRINTF for various functions Paolo Bonzini
2023-01-10 16:02 ` [PULL 13/29] tests: " Paolo Bonzini
2023-01-10 16:02 ` Paolo Bonzini [this message]
2023-01-10 16:02 ` [PULL 15/29] hw/display: avoid creating empty loadable modules Paolo Bonzini
2023-01-10 16:02 ` [PULL 16/29] libvhost-user: Provide _GNU_SOURCE when compiling outside of QEMU Paolo Bonzini
2023-01-10 16:02 ` [PULL 17/29] libvhost-user: Replace typeof with __typeof__ Paolo Bonzini
2023-01-10 16:02 ` [PULL 18/29] libvhost-user: Cast rc variable to avoid compiler warning Paolo Bonzini
2023-01-10 16:02 ` [PULL 19/29] libvhost-user: Use unsigned int i for some for-loop iterations Paolo Bonzini
2023-01-10 16:02 ` [PULL 20/29] libvhost-user: Declare uffdio_register early to make it C90 compliant Paolo Bonzini
2023-01-10 16:02 ` [PULL 21/29] libvhost-user: Change dev->postcopy_ufd assignment " Paolo Bonzini
2023-01-10 16:02 ` [PULL 22/29] libvduse: Provide _GNU_SOURCE when compiling outside of QEMU Paolo Bonzini
2023-01-10 16:02 ` [PULL 23/29] libvduse: Switch to unsigned int for inuse field in struct VduseVirtq Paolo Bonzini
2023-01-10 16:02 ` [PULL 24/29] libvduse: Fix assignment in vring_set_avail_event Paolo Bonzini
2023-01-10 16:02 ` [PULL 25/29] libvhost-user: " Paolo Bonzini
2023-01-10 16:02 ` [PULL 26/29] libvhost-user: Add extra compiler warnings Paolo Bonzini
2023-01-10 16:02 ` [PULL 27/29] libvduse: " Paolo Bonzini
2023-01-10 16:02 ` [PULL 28/29] target/i386: fix operand size of unary SSE operations Paolo Bonzini
2023-01-10 16:02 ` [PULL 29/29] configure: remove backwards-compatibility code Paolo Bonzini
2023-01-10 22:07 ` [PULL 00/29] Misc patches for 2023-01-10 Peter Maydell
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20230110160233.339771-15-pbonzini@redhat.com \
--to=pbonzini@redhat.com \
--cc=berrange@redhat.com \
--cc=qemu-devel@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).