http://gcc.gnu.org/bugzilla/show_bug.cgi?id=39044

Manuel López-Ibáñez <manu at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|UNCONFIRMED                 |RESOLVED
                 CC|                            |manu at gcc dot gnu.org
         Resolution|                            |WONTFIX

--- Comment #6 from Manuel López-Ibáñez <manu at gcc dot gnu.org> 2012-05-06 12:26:36 UTC ---
(In reply to comment #2)
> Ah, you're right. Gentoo enables -Wformat-security by default now. I'll bug
> them about this.
> 
> On the other hand, this does not generate a warning. Why?

printf(s) is always wrong. You should have used fputs().

To get a warning for printf(s,t), you need -Wformat=2 (or -Wformat-nonliteral).
I guess the reason is that there is no real alternative if you need such
code.

(In reply to comment #3)
> I'd reconstruct this report as gcc not properly handling constant strings with
> printf() when the string is readily available to it and clearly does not
> change

In the examples here, the code is arguably safe, and GCC should not warn. But
to reach that conclusion, the front ends would need to do constant propagation,
and this is not implemented, and not likely to be ever implemented by existing
contributors. I think it would be widely useful to have some sort of constant
propagation in the FEs, but it would take someone extremely motivated and
skilled to get it done properly. Unfortunately, I am not aware of any
candidates. If you know of any, please let me know.
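
The two call shapes discussed in the comment above, next to the literal-format fix, as an added example that is not part of the bug report or of GCC. It uses snprintf() instead of printf() so each result can be inspected; the helper names and the sample string are constructed for illustration.

```c
/* Added example. Build with:
 *   gcc -Wformat -Wformat-security -Wformat-nonliteral demo.c
 * to see which call each option flags. */
#include <stdio.h>
#include <string.h>

/* Constructed sample standing in for text that is not a string literal. */
static const char *sample_input(void) { return "100%% done"; }

/* Shape 1: non-literal format, no arguments (the printf(s) case).
 * -Wformat-security warns here. Anything in s that looks like a
 * conversion specification is interpreted instead of copied. */
size_t as_format_no_args(char *out, size_t n, const char *s)
{
    snprintf(out, n, s);
    return strlen(out);
}

/* Shape 2: non-literal format with arguments (the printf(s,t) case).
 * -Wformat-security is silent; -Wformat-nonliteral (included in
 * -Wformat=2) warns because fmt cannot be checked against arg. */
size_t as_format_with_args(char *out, size_t n, const char *fmt, const char *arg)
{
    snprintf(out, n, fmt, arg);
    return strlen(out);
}

/* Fix for shape 1: literal format, text passed as data. No warning. */
size_t as_data(char *out, size_t n, const char *s)
{
    snprintf(out, n, "%s", s);
    return strlen(out);
}

/* Stream equivalent of the fix: fputs() never parses its argument. */
int print_verbatim(const char *s) { return fputs(s, stdout); }

int main(void)
{
    char buf[32];
    as_format_no_args(buf, sizeof buf, sample_input());
    printf("as format: [%s]\n", buf);
    as_data(buf, sizeof buf, sample_input());
    printf("as data:   [%s]\n", buf);
    return print_verbatim("done\n") == EOF;
}
```

The sample string deliberately contains only `%%`, which consumes no argument, so the shape 1 call stays well defined while still showing that the text is parsed rather than copied.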
