Add format string checking annotations for dprintf(3) and vdprintf(3).
This was apparently forgotten when the functions were added. It is
required so the compiler can warn
t.c:25:25: warning: format string is not a string literal (potentially
insecure)
[-Wformat-security]
dprintf(STDOUT_FILENO, msg);
^~~
Absent -Werror, I do not expect any fallout from this, but I ran a
successful amd64 make build with it anyway.
ok?
Index: include/stdio.h
===================================================================
RCS file: /cvs/src/include/stdio.h,v
retrieving revision 1.53
diff -u -p -r1.53 stdio.h
--- include/stdio.h 9 Sep 2016 18:12:37 -0000 1.53
+++ include/stdio.h 10 Sep 2020 15:07:08 -0000
@@ -204,7 +204,9 @@ __END_DECLS
__BEGIN_DECLS
void clearerr(FILE *);
#if __POSIX_VISIBLE >= 200809
-int dprintf(int, const char * __restrict, ...);
+int dprintf(int, const char * __restrict, ...)
+ __attribute__((__format__ (printf, 2, 3)))
+ __attribute__((__nonnull__ (2)));
#endif
int fclose(FILE *);
int feof(FILE *);
@@ -266,7 +268,9 @@ int vfprintf(FILE *, const char *, __va
int vprintf(const char *, __va_list);
int vsprintf(char *, const char *, __va_list);
#if __POSIX_VISIBLE >= 200809
-int vdprintf(int, const char * __restrict, __va_list);
+int vdprintf(int, const char * __restrict, __va_list)
+ __attribute__((__format__ (printf, 2, 0)))
+ __attribute__((__nonnull__ (2)));
#endif
#if __ISO_C_VISIBLE >= 1999 || __XPG_VISIBLE >= 500 || __BSD_VISIBLE
--
Christian "naddy" Weisgerber [email protected]
