On Fri, Oct 12, 2018 at 07:40:37PM +0100, Thomas Gummerer wrote:

> 801fa63a90 ("config.mak.dev: add -Wformat-security", 2018-09-08) added
> the -Wformat-security to the flags set in config.mak.dev.  In the gcc
> man page this is documented as:
> 
>          If -Wformat is specified, also warn about uses of format
>          functions that represent possible security problems.  [...]
> 
> That commit did however not add the -Wformat flag, and -Wformat is not
> specified anywhere else by default, so the added -Wformat-security had
> no effect.  Newer versions of gcc (gcc 8.2.1 in this particular case)
> warn about this and thus compilation fails with this option set.
> 
> Fix that, and make -Wformat-security actually useful by adding the
> -Wformat flag as well.  git compiles cleanly with both these flags
> applied.

-Wformat is part of -Wall, which we already turn on by default (even for
non-developer builds).

So I don't think we need to do anything more, though I'm puzzled that
you saw a failure. Do you set CFLAGS explicitly in your config.mak to
something that doesn't include -Wall?

I'm not opposed to making config.mak.dev a bit more redundant to handle
this case, but we'd probably want to include all of -Wall, since it
contains many other warnings we'd want to make sure are enabled.

-Peff
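
The flag interaction discussed in this thread, as an added example that is not part of the original messages or of git's build files: a shell function that reports whether a given CFLAGS string leaves -Wformat-security active, or ignored because -Wformat is off. The function name `format_security_state` is hypothetical. It models only the flags named in its `case` statement (not `-Werror=` forms), and it assumes GCC's documented rule that a more specific warning option takes priority over one implied by -Wall regardless of position.

```shell
#!/bin/sh
# Added example (not from git's build system): models GCC's documented
# precedence for a small set of warning flags.
# format_security_state "<CFLAGS>" prints one of:
#   active   -Wformat-security is requested and -Wformat is on
#   ignored  -Wformat-security is requested but -Wformat is off
#   off      -Wformat-security is not requested
format_security_state() {
    all=0   # 1 once -Wall has been seen
    fmt=    # last explicit -Wformat level ("" = none given)
    sec=    # last explicit -Wformat-security setting ("" = none given)
    # Unquoted on purpose: split the CFLAGS string into individual flags.
    for flag in $1; do
        case $flag in
            -Wall) all=1 ;;
            -Wformat) fmt=1 ;;
            -Wformat=[012]) fmt=${flag#-Wformat=} ;;
            -Wno-format) fmt=0 ;;
            -Wformat-security) sec=1 ;;
            -Wno-format-security) sec=0 ;;
        esac
    done
    # An explicit -Wformat setting beats the level implied by -Wall,
    # wherever it appears; otherwise -Wall supplies level 1.
    level=${fmt:-$all}
    # -Wformat=2 turns on -Wformat-security unless it was set explicitly.
    if [ -z "$sec" ]; then
        if [ "$level" = 2 ]; then sec=1; else sec=0; fi
    fi
    if [ "$sec" = 0 ]; then
        echo off
    elif [ "$level" = 0 ]; then
        echo ignored
    else
        echo active
    fi
}

# Constructed sample: a CFLAGS override that drops -Wall, followed by
# the flag that config.mak.dev appends.
format_security_state "-g -O2 -Wformat-security"
```
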
