Re: Use (f)puts instead of (f)printf when possible.

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

Hi,

Bruno wrote:
-----
! fprintf(stderr, GETTEXTL("Warning: "));
! fputs(GETTEXTL("Warning: "),stderr);
1) There is an (undocumented) way to avoid this security warning.
Test case:
===============================================================================
#include <stdio.h>
extern const char * transform1 (const char * s);
extern const char * transform2 (const char * s) __attribute__ ((__format_arg__ (1)));
void foo1 () { fprintf(stderr, transform1("Hello")); }
void foo2 () { fprintf(stderr, transform2("Hello")); }
===============================================================================
$ gcc -S -Wall -Wformat-security foo.c
foo.c: In function 'foo1':
foo.c:4:1: warning: format not a string literal and no format arguments [-Wformat-security]
 void foo1 () { fprintf(stderr, transform1("Hello")); }
 ^~~~
As you can see, this __attribute__ ((__format_arg__ (1))) has the effect of
avoiding the warning.
-----

What is undocumented?
https://gcc.gnu.org/onlinedocs/gcc/Common-Function-Attributes.html
https://gcc.gnu.org/onlinedocs/gcc-3.1/gcc/Function-Attributes.html
... mentions __attribute__ ((format_arg...)).

Is the side-effect undocumented? But that's specifically the intention of using such an attribute:
Have the compiler know & check where format strings are, or let the programmer declaim that the function
is safe -- here I find that declaration completely unsafe, because it depends on foreign PO/MO files' contents!!

Funny, I remember attribute((format)), but format_arg was new to me today.

Summary: either
- use %s with printf, or
- avoid %s and printf altogether and instead use fputs.

Regards,
	Jörg