From mboxrd@z Thu Jan 1 00:00:00 1970 X-Msuck: nntp://news.gmane.org/gmane.linux.lib.musl.general/9181 Path: news.gmane.org!not-for-mail From: Hauke Mehrtens Newsgroups: gmane.linux.lib.musl.general Subject: Re: [PATCH] Add format attribute to some function declarations Date: Sat, 23 Jan 2016 22:30:32 +0100 Message-ID: <56A3F0F8.7010104@hauke-m.de> References: <1453581976-10098-1-git-send-email-hauke@hauke-m.de> Reply-To: musl@lists.openwall.com NNTP-Posting-Host: plane.gmane.org Mime-Version: 1.0 Content-Type: text/plain; charset=windows-1252 Content-Transfer-Encoding: 8bit X-Trace: ger.gmane.org 1453584648 16695 80.91.229.3 (23 Jan 2016 21:30:48 GMT) X-Complaints-To: usenet@ger.gmane.org NNTP-Posting-Date: Sat, 23 Jan 2016 21:30:48 +0000 (UTC) To: musl@lists.openwall.com Original-X-From: musl-return-9194-gllmg-musl=m.gmane.org@lists.openwall.com Sat Jan 23 22:30:47 2016 Return-path: Envelope-to: gllmg-musl@m.gmane.org Original-Received: from mother.openwall.net ([195.42.179.200]) by plane.gmane.org with smtp (Exim 4.69) (envelope-from ) id 1aN5le-0000tt-OV for gllmg-musl@m.gmane.org; Sat, 23 Jan 2016 22:30:46 +0100 Original-Received: (qmail 15907 invoked by uid 550); 23 Jan 2016 21:30:45 -0000 Mailing-List: contact musl-help@lists.openwall.com; run by ezmlm Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-ID: Original-Received: (qmail 15886 invoked from network); 23 Jan 2016 21:30:44 -0000 X-Enigmail-Draft-Status: N1110 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Icedove/38.5.0 In-Reply-To: X-Spam-Status: No, score=-1.0 required=7.0 tests=ALL_TRUSTED,URIBL_BLOCKED autolearn=unavailable autolearn_force=no version=3.4.0 X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on hauke-m.de Xref: news.gmane.org gmane.linux.lib.musl.general:9181 Archived-At: On 01/23/2016 10:05 PM, Alexander Monakov wrote: > On Sat, 23 Jan 2016, Hauke Mehrtens wrote: > >> GCC and Clang are able to check the format arguments given to a >> function and warn the user if there is a error in the format arguments >> or if there is a potential uncontrolled format string security problem >> in the code. GCC does this automatically for some functions like >> printf(), but it is also possible to annotate other functions in a way >> that it will check them too. This feature is used by glibc for many >> functions. This patch adds the attribute to the some functions of musl >> expect for these functions where gcc automatically adds it. > > Here's how a similar change was done the last time around: > http://git.musl-libc.org/cgit/musl/commit/?id=ccc71e0ea881b7f6594ed95afd706442829c39fc Ok, I will do it in a similar way. Is there a central file where I can put the "#if __GNUC__ >= 3" or should I put it into all 4 files? > Note that that approach avoids repeating #ifdef __GNUC__ ... > > How did you choose which functions from stdio.h to annotate? Are you saying > that gcc is unaware of snprintf while it recognizes sprintf? snprintf is only check when in C99 mode. This is from the GCC documentation: > The compiler always (unless -ffreestanding or -fno-builtin is used) > checks formats for the standard library functions printf, fprintf, > sprintf, scanf, fscanf, sscanf, strftime, vprintf, vfprintf and > vsprintf whenever such warnings are requested (using -Wformat), so > there is no need to modify the header file stdio.h. In C99 mode, the > functions snprintf, vsnprintf, vscanf, vfscanf and vsscanf are also > checked. Except in strictly conforming C standard modes, the X/Open > function strfmon is also checked as are printf_unlocked and > fprintf_unlocked. See Options Controlling C Dialect. glibc did it the same way. Hauke