On 15/11/22 08:19, Stefan Weil via wrote:
With the G_GNUC_PRINTF function attribute the compiler detects two potential insecure format strings:../../../net/stream.c:248:31: warning: format string is not a string literal (potentially insecure) [-Wformat-security] qemu_set_info_str(&s->nc, uri); ^~~ ../../../net/stream.c:322:31: warning: format string is not a string literal (potentially insecure) [-Wformat-security] qemu_set_info_str(&s->nc, uri); ^~~ There are also two other warnings: ../../../net/socket.c:182:35: warning: zero-length gnu_printf format string [-Wformat-zero-length] 182 | qemu_set_info_str(&s->nc, ""); | ^~ ../../../net/stream.c:170:35: warning: zero-length gnu_printf format string [-Wformat-zero-length] 170 | qemu_set_info_str(&s->nc, ""); Signed-off-by: Stefan Weil <[email protected]> --- include/net/net.h | 3 ++- net/socket.c | 2 +- net/stream.c | 6 +++--- 3 files changed, 6 insertions(+), 5 deletions(-)
Reviewed-by: Philippe Mathieu-Daudé <[email protected]>
