On Wed, Sep 08, 2021 at 01:37:34PM +0100, Stuart Henderson wrote:
> On 2021/09/07 21:24, Christian Weisgerber wrote:
> > Earlier today, semarie@ committed a change that will now cause base
> > clang to warn when the %n specifier appears in a format string for
> > the printf(3) family of functions:
> > 
> > warning: '%n' format specifier support is deactivated and will call abort(3)
> 
> By the way, as jca@ said earlier: "There may be others that can't be
> flagged by the compiler [...] because of indirections through wrapper
> functions." - so, runtime tests will possibly pick up more software
> needing attention.
> 

I agree.

This format string is checked because clang detects it as a format
string. clang uses a function attribute (like
__attribute__((__format__ (printf, 1, 2)))) for this purpose.

Standard printf(3) family functions have it: it will properly detect
%n on them.

User functions using the __format__ attribute will be checked too. It
could lead to (semi-)false positives like for exim (the function is
home-made so does not carry abort(3) on %n usage, but it doesn't mean it
is a good thing).

But if a user function doesn't use the __format__ attribute, and passes
an argument as format string to printf(3), it will not be checked, but
it will abort(3) at runtime.

Thanks.
-- 
Sebastien Marie
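
The two wrapper cases described in the message above, as an added example that is not part of the original thread or of OpenBSD's code. The names count_percent_n, log_checked and log_unchecked are hypothetical, and having the unannotated wrapper refuse a format containing %n (returning -1) is this example's choice, not something the thread prescribes.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Count %n conversions in a printf-style format string. "%%" is a literal
 * percent sign; flags, width, precision and length modifiers may sit
 * between '%' and the conversion character. */
int count_percent_n(const char *fmt)
{
    int hits = 0;
    for (const char *p = fmt; *p != '\0'; p++) {
        if (*p != '%')
            continue;
        p++;
        p += strspn(p, "#0- +'");               /* flags */
        p += strspn(p, "0123456789*$");         /* width, positional index */
        if (*p == '.')
            p += 1 + strspn(p + 1, "0123456789*$"); /* precision */
        p += strspn(p, "hlqjztL");              /* length modifiers */
        if (*p == '\0')
            break;                              /* truncated specification */
        if (*p == 'n')
            hits++;
    }
    return hits;
}

/* Annotated wrapper: the compiler checks its call sites as it does for
 * printf(3), so a literal format with %n is flagged at build time. */
__attribute__((__format__(printf, 1, 2)))
int log_checked(const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int len = vsnprintf(NULL, 0, fmt, ap);      /* length only, no output */
    va_end(ap);
    return len;
}

/* Unannotated wrapper: invisible to the compile-time check, so it scans
 * the format itself and refuses %n before the format reaches libc. */
int log_unchecked(const char *fmt, ...)
{
    if (count_percent_n(fmt) > 0)
        return -1;
    va_list ap;
    va_start(ap, fmt);
    int len = vsnprintf(NULL, 0, fmt, ap);
    va_end(ap);
    return len;
}
```

The same scanner can be pointed at format strings collected from a port's sources or message catalogs to find candidates that only a runtime test would otherwise reveal.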
