* c-common.c (check_format_info): Warn for non-constant format

	strings with strftime formats if -Wformat-nonliteral.  Where the
	format can convert arguments, if the format is not a string
	literal and there are no arguments to the format, give a different
	warning message from the general non-string-literal case.

testsuite:
	* gcc.dg/format-nonlit-3.c: New test.


git-svn-id: svn+ssh://gcc.gnu.org/svn/gcc/trunk@38105 138bc75d-0d04-0410-961f-82ee72b054a4

1 files changed, 23 insertions, 2 deletions

diff --git a/gcc/c-common.c b/gcc/c-common.c
index 7359b04822f..5e7666a08b3 100644
--- a/gcc/c-common.c
+++ b/gcc/c-common.c
@@ -2345,8 +2345,29 @@ check_format_info (status, info, params)
       /* Functions taking a va_list normally pass a non-literal format
 	 string.  These functions typically are declared with
 	 first_arg_num == 0, so avoid warning in those cases.  */
-      if (info->first_arg_num != 0 && warn_format_nonliteral)
-	status_warning (status, "format not a string literal, argument types not checked");
+      if (!(format_types[info->format_type].flags & FMT_FLAG_ARG_CONVERT))
+	{
+	  /* For strftime-like formats, warn for not checking the format
+	     string; but there are no arguments to check.  */
+	  if (warn_format_nonliteral)
+	    status_warning (status, "format not a string literal, format string not checked");
+	}
+      else if (info->first_arg_num != 0)
+	{
+	  /* If there are no arguments for the format at all, we may have
+	     printf (foo) which is likely to be a security hole.  */
+	  while (arg_num + 1 < info->first_arg_num)
+	    {
+	      if (params == 0)
+		break;
+	      params = TREE_CHAIN (params);
+	      ++arg_num;
+	    }
+	  if (params == 0 && warn_format_nonliteral)
+	    status_warning (status, "format not a string literal and no format arguments");
+	  else if (warn_format_nonliteral)
+	    status_warning (status, "format not a string literal, argument types not checked");
+	}
     }
 
   /* If there were extra arguments to the format, normally warn.  However,