On Mon, Oct 17, 2005 at 11:49:05AM +0200, Hagen Paul Pfeifer wrote:
> The following code generates a _dubious_ warning message:
>
> int main(void) {
>         const char * const literal = "xxx";
>         fprintf(stderr, literal);
>         return 0;
> }
>
> cc -Wall -Wformat-security -o main main.c
> main.c: In function `main':
> main.c:9: warning: format not a string literal and no format arguments
>
> check_format_info() in gcc/c-format.c doesn't check if the format
> argument is a _pointer_ to a string literal.

If we go down that route, the option would only work correctly if optimization is enabled, because you expect gcc to trace the source of pointers, and see what the pointers point to, and check the original strings for format characters.
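
Added example, not part of the original thread and not code from gcc/c-format.c: a small scanner for the "check the original strings for format characters" step discussed above, next to the call form that is accepted by -Wformat-security without any pointer tracing because the format is itself a literal. The names count_directives and emit_verbatim and the sample string "load=%d%% user=%s" are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Count conversion specifications in s. "%%" is a literal percent sign
 * and is not counted; a lone trailing '%' is counted, because printf
 * would treat it as an incomplete directive. */
static int count_directives(const char *s)
{
    int n = 0;

    for (; *s != '\0'; s++) {
        if (*s != '%')
            continue;
        if (s[1] == '%') {      /* escaped percent: skip both bytes */
            s++;
            continue;
        }
        n++;
    }
    return n;
}

/* The format is the literal "%s" and the text is only an argument, so
 * any '%' in msg is copied verbatim. Returns snprintf's result. */
static int emit_verbatim(char *out, size_t outlen, const char *msg)
{
    return snprintf(out, outlen, "%s", msg);
}

int main(void)
{
    const char *const literal = "xxx";               /* from the report */
    const char *const tricky = "load=%d%% user=%s";  /* constructed */
    char buf[64];

    /* "xxx" holds no directives; the constructed string holds two. */
    printf("%d %d\n", count_directives(literal), count_directives(tricky));

    /* Same output as fprintf(stderr, literal), with a literal format. */
    fprintf(stderr, "%s\n", literal);

    emit_verbatim(buf, sizeof buf, tricky);
    puts(buf);
    return 0;
}
```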