From b94933f5caf4e7c0e97c295d662918e7fb16f81b Mon Sep 17 00:00:00 2001
From: jsm28
Date: Thu, 7 Dec 2000 07:52:20 +0000
Subject: * c-common.c (check_format_info): Warn for non-constant format strings with strftime formats if -Wformat-nonliteral. Where the format can convert arguments, if the format is not a string literal and there are no arguments to the format, give a different warning message from the general non-string-literal case. testsuite: * gcc.dg/format-nonlit-3.c: New test.
git-svn-id: svn+ssh://gcc.gnu.org/svn/gcc/trunk@38105 138bc75d-0d04-0410-961f-82ee72b054a4
---
 gcc/c-common.c | 25 +++++++++++++++++++++++--
 1 file changed, 23 insertions(+), 2 deletions(-)
(limited to 'gcc/c-common.c')
diff --git a/gcc/c-common.c b/gcc/c-common.c
index 7359b04822f..5e7666a08b3 100644
--- a/gcc/c-common.c
+++ b/gcc/c-common.c
@@ -2345,8 +2345,29 @@ check_format_info (status, info, params)
 /* Functions taking a va_list normally pass a non-literal format string. These functions typically are declared with first_arg_num == 0, so avoid warning in those cases. */
- if (info->first_arg_num != 0 && warn_format_nonliteral)
- status_warning (status, "format not a string literal, argument types not checked");
+ if (!(format_types[info->format_type].flags & FMT_FLAG_ARG_CONVERT))
+ {
+ /* For strftime-like formats, warn for not checking the format
+ string; but there are no arguments to check. */
+ if (warn_format_nonliteral)
+ status_warning (status, "format not a string literal, format string not checked");
+ }
+ else if (info->first_arg_num != 0)
+ {
+ /* If there are no arguments for the format at all, we may have
+ printf (foo) which is likely to be a security hole. */
+ while (arg_num + 1 < info->first_arg_num)
+ {
+ if (params == 0)
+ break;
+ params = TREE_CHAIN (params);
+ ++arg_num;
+ }
+ if (params == 0 && warn_format_nonliteral)
+ status_warning (status, "format not a string literal and no format arguments");
+ else if (warn_format_nonliteral)
+ status_warning (status, "format not a string literal, argument types not checked");
+ }
 }
 /* If there were extra arguments to the format, normally warn. However,
-- cgit v1.2.1
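Review bot: The new "format not a string literal and no format arguments" diagnostic in the `else if (info->first_arg_num != 0)` branch is still gated on `warn_format_nonliteral`, the same flag as the general non-literal warning, so the `printf (foo)` case that the added comment calls a likely security hole is reported only in builds that opt in to the noisier check (as far as I know, -Wformat-nonliteral is not implied by -Wformat or -Wall). Consider giving that case its own option so it can be enabled separately, e.g. `if (params == 0 && (warn_format_nonliteral || NEW_FLAG))`, where NEW_FLAG is a placeholder for a flag this patch does not define. The retained va_list comment now sits directly above the strftime branch, which never tests `first_arg_num`, so it would read more accurately moved onto the `else if`. The `while` loop also advances the function-level `params` and `arg_num` in place while check_format_info continues past the end of the hunk, so a local cursor would be safer if later code reads either variable.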