https://gcc.gnu.org/bugzilla/show_bug.cgi?id=66425

--- Comment #79 from Andrew Church <achurch+gcc at achurch dot org> ---
(In reply to Segher Boessenkool from comment #78)
> If someone (the user, the author, anyone) used warn_unused_result where it is
> not appropriate, just fix *that*.  The attribute is specifically for cases
> where not looking at the result value is a big (often hard to find) bug,

The issue here is that the library user _cannot_ (realistically) fix improper
usage of WUR by the library author.  The intent of -Wunused-result=... is to
offer a low-resistance path with fewer side effects than just a blanket
-Wno-unused-result.

> or even a security problem.

The question of whether ignoring a return value from a function is a security
problem is rarely a static determination.  Does the following function raise a
security problem?

void spawn_command(const char *cmd) {
    (void) system(cmd);
}

In some cases certainly, but if cmd is just setting keyboard LEDs to indicate
progress, probably not.  Only the library user knows for sure, so the library
author should not be using WUR here (though the weaker [[nodiscard]] would
arguably be appropriate).

If glibc had stuck to just using WUR on realloc(), this entire discussion would
probably never have arisen, because everyone can agree that ignoring the return
value from realloc() is an error (or a deliberate sticking-out-of-the-tongue to
show that there's exactly one case it's safe to ignore the return value from
realloc(), which is when it's called with a size of zero, and _that_ is a case
I'll happily disregard.)
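
The two caller positions discussed in the comment above, as an added example that is not part of the original comment and is not glibc or GCC code: one caller deliberately discards a warn_unused_result value, the other decodes system()'s status because the outcome matters to it. The names lib_set_led, led_best_effort and run_checked are hypothetical, and a POSIX /bin/sh is assumed.

```c
#include <stdio.h>
#include <stdlib.h>
#include <sys/wait.h>

/* Hypothetical library function whose author chose the strict attribute. */
__attribute__((warn_unused_result))
static int lib_set_led(int on) { return on ? 0 : 1; }

/* Caller that has decided the result is irrelevant (progress LED only).
 * GCC still warns on "(void) lib_set_led(on);" for warn_unused_result,
 * so the value is stored in a variable and that variable is discarded. */
void led_best_effort(int on)
{
    int ignored = lib_set_led(on);
    (void) ignored;
}

/* Caller for whom the outcome matters: decode system()'s wait status.
 * Returns the command's exit code, 128 + signal number if it was killed
 * by a signal (shell convention, chosen here), or -1 if no status exists. */
int run_checked(const char *cmd)
{
    int status = system(cmd);
    if (status == -1)
        return -1;                      /* child could not be created */
    if (WIFEXITED(status))
        return WEXITSTATUS(status);     /* 127 means sh could not run cmd */
    if (WIFSIGNALED(status))
        return 128 + WTERMSIG(status);
    return -1;
}

int main(void)
{
    led_best_effort(1);
    /* Constructed sample commands. */
    printf("exit 3 -> %d\n", run_checked("exit 3"));
    printf("missing -> %d\n", run_checked("/nonexistent/constructed-cmd"));
    return 0;
}
```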
