
Author Jeffrey.Walton
Recipients Jeffrey.Walton
Date 2014-03-16.17:41:35
Message-id <1394991695.88.0.958685925479.issue20948@psf.upfronthosting.co.za>
Content
$ hg id
3736bf94535c+ tip

-Wformat=2 -Wformat-security are useful for detecting possible security related bugs. Compiling with the two options produced a few hits in the source code.

/usr/bin/gcc -pthread -c -Wno-unused-result -Werror=declaration-after-statement -DNDEBUG -g -fwrapv -O3 -Wall -Wstrict-prototypes -fno-common -Wstrict-overflow -Wformat=2 -Wformat-security -Wcast-align  -Wtrampolines  -fno-common -Wstrict-overflow -Wformat=2 -Wformat-security -Wcast-align  -Wtrampolines    -I. -IInclude -I./Include    -DPy_BUILD_CORE -o Objects/unicodeobject.o cpython/./Objects/unicodeobject.c
cpython/./Objects/unicodeobject.c: In function ‘unicode_fromformat_arg’:
cpython/./Objects/unicodeobject.c:2527:25: warning: format not a string literal, argument types not checked [-Wformat-nonliteral]
cpython/./Objects/unicodeobject.c:2531:25: warning: format not a string literal, argument types not checked [-Wformat-nonliteral]
cpython/./Objects/unicodeobject.c:2535:25: warning: format not a string literal, argument types not checked [-Wformat-nonliteral]
cpython/./Objects/unicodeobject.c:2538:25: warning: format not a string literal, argument types not checked [-Wformat-nonliteral]
cpython/./Objects/unicodeobject.c:2542:13: warning: format not a string literal, argument types not checked [-Wformat-nonliteral]
cpython/./Objects/unicodeobject.c:2549:25: warning: format not a string literal, argument types not checked [-Wformat-nonliteral]
cpython/./Objects/unicodeobject.c:2553:25: warning: format not a string literal, argument types not checked [-Wformat-nonliteral]
cpython/./Objects/unicodeobject.c:2557:25: warning: format not a string literal, argument types not checked [-Wformat-nonliteral]
cpython/./Objects/unicodeobject.c:2560:25: warning: format not a string literal, argument types not checked [-Wformat-nonliteral]

I think those are necessary for `unicode_fromformat_arg`.

/usr/bin/gcc -pthread -c -Wno-unused-result -Werror=declaration-after-statement -DNDEBUG -g -fwrapv -O3 -Wall -Wstrict-prototypes -fno-common -Wstrict-overflow -Wformat=2 -Wformat-security -Wcast-align  -Wtrampolines  -fno-common -Wstrict-overflow -Wformat=2 -Wformat-security -Wcast-align  -Wtrampolines    -I. -IInclude -I./Include    -DPy_BUILD_CORE -o Modules/main.o cpython/./Modules/main.c
cpython/./Modules/main.c: In function ‘usage’:
cpython/./Modules/main.c:111:5: warning: format not a string literal, argument types not checked [-Wformat-nonliteral]
cpython/./Modules/main.c:118:9: warning: format not a string literal, argument types not checked [-Wformat-nonliteral]
cpython/./Modules/main.c:119:9: warning: format not a string literal, argument types not checked [-Wformat-nonliteral]

I think the occurrences in main.c could benefit from "%s" to ensure the program does not accidentally leak.
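
Added example, not part of the original message and not CPython's code: the pattern `-Wformat-nonliteral` flags, beside the literal `"%s"` form suggested above for fixed text. All function names and sample strings are hypothetical and constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Flagged pattern: `text` is used as the format itself, so every '%' in it
   is interpreted. The pragmas scope the suppression to this one function,
   for code that really must build its format at run time. */
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wformat-nonliteral"
#pragma GCC diagnostic ignored "-Wformat-security"
int render_as_format(char *out, size_t n, const char *text)
{
    return snprintf(out, n, text);
}
#pragma GCC diagnostic pop

/* Corrected pattern: literal "%s" format, `text` is copied byte for byte. */
int render_verbatim(char *out, size_t n, const char *text)
{
    return snprintf(out, n, "%s", text);
}

/* Count conversion specifications in `text` ("%%" is an escape, not one).
   A nonzero result means a printf-family call would fetch arguments. */
size_t count_conversions(const char *text)
{
    size_t count = 0;
    for (; *text; text++) {
        if (*text != '%')
            continue;
        if (text[1] == '%') { text++; continue; }
        count++;
    }
    return count;
}

int main(void)
{
    /* Constructed sample strings, not taken from CPython. */
    const char *escaped = "load 100%% done";
    const char *risky = "id=%d name=%s";
    char a[64], b[64];

    render_as_format(a, sizeof a, escaped);   /* "%%" collapses to "%" */
    render_verbatim(b, sizeof b, escaped);    /* text preserved as-is  */
    printf("as format: [%s]  verbatim: [%s]\n", a, b);
    render_verbatim(b, sizeof b, risky);      /* never used as a format */
    printf("[%s] has %zu conversions\n", b, count_conversions(risky));
    return 0;
}
```

`render_as_format` is only called with a string that has no conversions; a string like `risky` would make it read arguments that were never passed.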