ok deraadt Christian Weisgerber <[email protected]> wrote:
> Add format string checking annotations for dprintf(3) and vdprintf(3). > > This was apparently forgotten when the functions were added. It is > required so the compiler can warn > > t.c:25:25: warning: format string is not a string literal (potentially > insecure) > [-Wformat-security] > dprintf(STDOUT_FILENO, msg); > ^~~ > > Absent -Werror, I do not expect any fallout from this, but I ran a > successful amd64 make build with it anyway. > > ok? > > Index: include/stdio.h > =================================================================== > RCS file: /cvs/src/include/stdio.h,v > retrieving revision 1.53 > diff -u -p -r1.53 stdio.h > --- include/stdio.h 9 Sep 2016 18:12:37 -0000 1.53 > +++ include/stdio.h 10 Sep 2020 15:07:08 -0000 > @@ -204,7 +204,9 @@ __END_DECLS > __BEGIN_DECLS > void clearerr(FILE *); > #if __POSIX_VISIBLE >= 200809 > -int dprintf(int, const char * __restrict, ...); > +int dprintf(int, const char * __restrict, ...) > + __attribute__((__format__ (printf, 2, 3))) > + __attribute__((__nonnull__ (2))); > #endif > int fclose(FILE *); > int feof(FILE *); > @@ -266,7 +268,9 @@ int vfprintf(FILE *, const char *, __va > int vprintf(const char *, __va_list); > int vsprintf(char *, const char *, __va_list); > #if __POSIX_VISIBLE >= 200809 > -int vdprintf(int, const char * __restrict, __va_list); > +int vdprintf(int, const char * __restrict, __va_list) > + __attribute__((__format__ (printf, 2, 0))) > + __attribute__((__nonnull__ (2))); > #endif > > #if __ISO_C_VISIBLE >= 1999 || __XPG_VISIBLE >= 500 || __BSD_VISIBLE > -- > Christian "naddy" Weisgerber [email protected] >
