Message 271349 - Python tracker

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author	Jeffrey.Walton
Recipients	Jeffrey.Walton, martin.panter, pitrou, python-dev, serhiy.storchaka, vstinner
Date	2016-07-26.08:57:31
SpamBayes Score	-1.0
Marked as misclassified	Yes
Message-id	<CAH8yC8nP9wvuog9m-DQHE67u5NRVWnrg2=En2=MTfmL5D4zAYQ@mail.gmail.com>
In-reply-to	<1469521895.58.0.760972010836.issue20948@psf.upfronthosting.co.za>

Content
On Tue, Jul 26, 2016 at 4:31 AM, Martin Panter <report@bugs.python.org> wrote: > > Martin Panter added the comment: > > The Modules/main.c cases are not errors. They are just long strings defined as static constants, rather than literals passed in directly. > > I think we can close this now. Unless people think this warning is worth using, in which case we should find a way to work around the false positives. > Would it be possible to add some instrumentation to silence the finding? There's no sense in having multiple developers and qa research the issue. I'm guessing a percentage of developers and qa will file bug reports, so it will burn some of the python team's cycles, too. Maybe something like: #if (GCC_VERSION >= 40600) \|\| (LLVM_CLANG_VERSION >= 10700) \|\| (APPLE_CLANG_VERSION >= 20000) # define GCC_DIAGNOSTIC_AVAILABLE 1 #endif #if GCC_DIAGNOSTIC_AVAILABLE # pragma GCC diagnostic ignored "-Wformat-security" #endif If its safe to ignore the warning, then the technique above should be safe for a C/CC/CXX/CPP files. It will not cross-pollinate because its a source file, and not a header file. Jeff

On Tue, Jul 26, 2016 at 4:31 AM, Martin Panter <report@bugs.python.org> wrote:
>
> Martin Panter added the comment:
>
> The Modules/main.c cases are not errors. They are just long strings defined as static constants, rather than literals passed in directly.
>
> I think we can close this now. Unless people think this warning is worth using, in which case we should find a way to work around the false positives.
>

Would it be possible to add some instrumentation to silence the
finding? There's no sense in having multiple developers and qa
research the issue. I'm guessing a percentage of developers and qa
will file bug reports, so it will burn some of the python team's
cycles, too.

Maybe something like:

#if (GCC_VERSION >= 40600) || (LLVM_CLANG_VERSION >= 10700) ||
(APPLE_CLANG_VERSION >= 20000)
#  define GCC_DIAGNOSTIC_AVAILABLE 1
#endif

#if GCC_DIAGNOSTIC_AVAILABLE
#  pragma GCC diagnostic ignored "-Wformat-security"
#endif

If its safe to ignore the warning, then the technique above should be
safe for a C/CC/CXX/CPP files. It will not cross-pollinate because its
a source file, and not a header file.

Jeff

History
Date	User	Action	Args
2016-07-26 08:57:32	Jeffrey.Walton	set	recipients: + Jeffrey.Walton, pitrou, vstinner, python-dev, martin.panter, serhiy.storchaka
2016-07-26 08:57:31	Jeffrey.Walton	link	issue20948 messages
2016-07-26 08:57:31	Jeffrey.Walton	create