Re: Fixes for compiler warnings - Mailing list pgsql-hackers

From Gregory Stark
Subject Re: Fixes for compiler warnings
Date
Msg-id 87bpu4cvrf.fsf@oxford.xeocode.com
In response to Re: Fixes for compiler warnings  (Tom Lane <tgl@sss.pgh.pa.us>)
Responses Re: Fixes for compiler warnings  (Tom Lane <tgl@sss.pgh.pa.us>)
List pgsql-hackers
Tom Lane <tgl@sss.pgh.pa.us> writes:

> The really nasty cases are like this:
>
>     const char *myfmt = gettext_noop("Some bleat about object \"%s\".");
>
>     ...
>
>     errmsg(myfmt, objectname)
>
> where there really is no simple way to convince the compiler that you
> know what you're doing without breaking functionality.  This is probably
> why -Wformat-security doesn't warn about the latter type of usage.  It
> does kind of beg the question of why bother with that warning though ...

It makes sense to me: if you have arguments for the format string then
presumably you've at some point had to check that the format string has
escapes for those arguments.

The only danger in the coding style comes from the possibility that there are
escapes you didn't anticipate. It's a lot harder to expect specific non-zero
escapes and find something else than to just not think about it at all and
unknowingly depend on having no escapes.

And it would take willful ignorance to depend on having some specific set of
escapes in an unchecked string provided by an external data source, which is
where the worst danger lies.


--
  Gregory Stark
  EnterpriseDB          http://www.enterprisedb.com
  Ask me about EnterpriseDB's RemoteDBA services!
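The check discussed in this message, that a format string chosen at run time carries exactly the escapes its arguments expect, can be written as below. This is an added example, not code from the thread or from PostgreSQL; `format_matches` and `format_checked` are hypothetical names and the sample strings in `main` are constructed.

```c
#include <stdio.h>
#include <string.h>

/*
 * Return 1 if fmt contains exactly the conversions listed in expected
 * (one character per argument, e.g. "s" or "sd"), in that order.
 * "%%" is a literal percent.  Flags, width and precision digits are
 * skipped; anything else ('*', length modifiers, "%n", a trailing '%')
 * is rejected.  (Hypothetical helper, deliberately conservative.)
 */
static int
format_matches(const char *fmt, const char *expected)
{
    size_t      n = 0;
    const char *p;

    for (p = fmt; *p; p++)
    {
        if (*p != '%')
            continue;
        p++;
        if (*p == '%')
            continue;                       /* consumes no argument */
        p += strspn(p, "-+ #0");            /* flags */
        p += strspn(p, "0123456789");       /* width */
        if (*p == '.')
            p += 1 + strspn(p + 1, "0123456789");   /* precision */
        if (*p == '\0' || expected[n] == '\0' || *p != expected[n])
            return 0;
        n++;
    }
    return expected[n] == '\0';             /* no argument left unused */
}

/* Format objectname with fmt only if fmt takes exactly one %s; else -1. */
static int
format_checked(char *buf, size_t len, const char *fmt, const char *objectname)
{
    if (!format_matches(fmt, "s"))
        return -1;
    return snprintf(buf, len, fmt, objectname);
}

int
main(void)
{
    char        buf[128];

    /* Constructed inputs: the expected format, then one with a stray %n. */
    printf("%d\n", format_checked(buf, sizeof buf, "Some bleat about object \"%s\".", "foo"));
    printf("%d\n", format_checked(buf, sizeof buf, "Some bleat about object \"%s\" %n.", "foo"));
    return 0;
}
```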

