diff options
| author | David Mitchell <davem@iabyn.com> | 2013-11-28 16:46:15 +0000 |
|---|---|---|
| committer | David Mitchell <davem@iabyn.com> | 2013-11-28 17:03:49 +0000 |
| commit | 5d37acd6b65eb421e938a3fde62cc1edde467dae (patch) | |
| tree | 905d9b7ae0be58425baa6f089e070f0cde45e713 /proto.h | |
| parent | b56aac20bc53699e4a5ea975542404fb371cf085 (diff) | |
| download | perl-5d37acd6b65eb421e938a3fde62cc1edde467dae.tar.gz | |
silence -Wformat-nonliteral compiler warnings
Due to the security risks associated with user-supplied formats
being passed to C-level printf() style functions (eg %n),
gcc has a -Wformat-nonliteral warning that complains whenever such a
function is passed a non-literal format string.
This commit silences all such warnings in core and ext/.
The main changes are
1) the 'f' (format) flag in embed.fnc is now handled slightly more
cleverly. Rather than just applying to functions whose last arg is '...'
(and where the format arg is assumed to be the previous arg), it
can now handle non-'...' functions: arg checking is disabled, but format
checking is sill done: it works by assuming that an arg called 'fmt',
'pat' or 'f' is the format string (and dies if fails to find exactly one
such arg).
2) with the new embed.fnc functionally, more functions have been marked
with the 'f' flag. When such a function passes its fmt arg onto an inner
printf-like function, we simply disable the warning for that call using
GCC_DIAG_IGNORE(-Wformat-nonliteral), since we know that the caller must
have already checked it.
3) In quite a few places the format string isn't literal, but it *is*
constant (e.g. PL_warn_uninit_sv). For those cases, again disable the
warning.
4) In pp_formline(), a particular format was was one of several different
literal strings depending on circumstances. Rather than assigning this
string to a temporary variable, incorporate the ?: branches directly in
the function call arg. gcc is clever enough to decide the arg is then
always literal.
Diffstat (limited to 'proto.h')
| -rw-r--r-- | proto.h | 4 |
1 files changed, 3 insertions, 1 deletions
@@ -2681,7 +2681,7 @@ PERL_CALLCONV int Perl_my_socketpair(int family, int type, int protocol, int fd[ /* PERL_CALLCONV I32 Perl_my_stat(pTHX); */ PERL_CALLCONV I32 Perl_my_stat_flags(pTHX_ const U32 flags); PERL_CALLCONV char * Perl_my_strftime(pTHX_ const char *fmt, int sec, int min, int hour, int mday, int mon, int year, int wday, int yday, int isdst) - __attribute__format__null_ok__(__strftime__,pTHX_1,0) + __attribute__format__(__strftime__,pTHX_1,0) __attribute__nonnull__(pTHX_1); #define PERL_ARGS_ASSERT_MY_STRFTIME \ assert(fmt) @@ -4647,6 +4647,7 @@ PERL_CALLCONV void Perl_sys_init3(int* argc, char*** argv, char*** env) PERL_CALLCONV void Perl_sys_term(void); PERL_CALLCONV void Perl_taint_env(pTHX); PERL_CALLCONV void Perl_taint_proper(pTHX_ const char* f, const char *const s) + __attribute__format__null_ok__(__printf__,pTHX_1,0) __attribute__nonnull__(pTHX_2); #define PERL_ARGS_ASSERT_TAINT_PROPER \ assert(s) @@ -5343,6 +5344,7 @@ STATIC void S_del_sv(pTHX_ SV *p) # endif # if defined(PERL_IN_TOKE_C) STATIC void S_printbuf(pTHX_ const char *const fmt, const char *const s) + __attribute__format__(__printf__,pTHX_1,0) __attribute__nonnull__(pTHX_1) __attribute__nonnull__(pTHX_2); #define PERL_ARGS_ASSERT_PRINTBUF \ |