[llvm-bugs] [Bug 126389] `-Wformat-security` false-positive in consteval functions

Sat, 08 Feb 2025 15:46:51 -0800

Issue 126389
Summary `-Wformat-security` false-positive in consteval functions
Labels false-positive
Assignees
Reporter vvd170501 
    Reproducer:

```cpp
void FormatFunc(const char* format, ...) __attribute__((__format__(__printf__, 1, 2)));

consteval void Foo() {
    if (false) {
 FormatFunc("test");  // error: format string is not a string literal (potentially insecure) [-Werror,-Wformat-security]
    }
}

constexpr void Bar() {
    if (false) {
        FormatFunc("test");  // ok in constexpr
    }
}

consteval void Baz() {
    if (false) {
 FormatFunc("%s", "test");  // Adding a second arg somehow fixes the warning
    }
}
```

The warning is present in clang trunk (https://godbolt.org/z/PxqzfE1W7) and in all recent versions of clang (I checked clang16-clang19).

<details><summary>A more realistic example:</summary>

```cpp
[[noreturn]] void Panic(const char* format, ...) noexcept __attribute__((__format__(__printf__, 1, 2)));

// assert()-like macro which allows adding description to failure message
#define FANCY_ASSERT(x, ...)    \
    if (!(x)) { \
        Panic(" " __VA_ARGS__);   \
    }

constexpr int NonZeroConstexpr(int x) {
    FANCY_ASSERT(x);
    return x;
}

constexpr int x1 = NonZeroConstexpr(1);  // ok
// constexpr int x2 = NonZeroConstexpr(0);  // error - Panic(...) is not constexpr

// Same, but with consteval
consteval int NonZeroConsteval(int x) {
 FANCY_ASSERT(x);  // error: format string is not a string literal (potentially insecure) [-Werror,-Wformat-security]
    return x;
}
```

</details>

_______________________________________________
llvm-bugs mailing list
llvm-bugs@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/llvm-bugs

Reply via email to