[PATCH]: eb495be6e8 helper/log: mark 'fmt' argument of alloc_*printf() as not NULL

[<ge...@op...>]

This is an automated email from Gerrit.

"Antonio Borneo <bor...@gm...>" just uploaded a new patch set to Gerrit, which you can find at https://review.openocd.org/c/openocd/+/9166

-- gerrit

commit eb495be6e8ab72dacd477d2853d87fa326681ffa
Author: Antonio Borneo <bor...@gm...>
Date:   Sun Oct 12 11:30:00 2025 +0200

    helper/log: mark 'fmt' argument of alloc_*printf() as not NULL
    
    Even after commit e12ceddd5ee4 ("helper/log: mark `fmt` argument
    of `alloc_vprintf()` as format string"), the GCC compiler still
    reports that alloc_vprintf() could call vsnprintf() with a NULL
    format parameter.
    
    Inform the compiler that alloc_vprintf() cannot accept NULL as
    format string.
    Add an assert() in alloc_vprintf() so even compilers that do not
    use the function attribute 'nonnull' will play safe.
    While there, extend the same fixes to alloc_printf() too.
    
    Change-Id: Idfa4fe9c6dfb2acfbf434c392237937ae03f0e8a
    Signed-off-by: Antonio Borneo <bor...@gm...>
    Reported-by: Parshintsev Anatoly <ana...@sy...>

diff --git a/src/helper/log.c b/src/helper/log.c
index d8c4e09ac7..53463b526c 100644
--- a/src/helper/log.c
+++ b/src/helper/log.c
@@ -354,6 +354,8 @@ char *alloc_vprintf(const char *fmt, va_list ap)
 	int len;
 	char *string;
 
+	assert(fmt);
+
 	/* determine the length of the buffer needed */
 	va_copy(ap_copy, ap);
 	len = vsnprintf(NULL, 0, fmt, ap_copy);
diff --git a/src/helper/log.h b/src/helper/log.h
index ac24f8e833..06770553c4 100644
--- a/src/helper/log.h
+++ b/src/helper/log.h
@@ -15,6 +15,7 @@
 #define OPENOCD_HELPER_LOG_H
 
 #include <helper/command.h>
+#include <helper/compiler.h>
 
 /* To achieve C99 printf compatibility in MinGW, gnu_printf should be
  * used for __attribute__((format( ... ))), with GCC v4.4 or later
@@ -86,9 +87,9 @@ int log_add_callback(log_callback_fn fn, void *priv);
 int log_remove_callback(log_callback_fn fn, void *priv);
 
 char *alloc_vprintf(const char *fmt, va_list ap)
-	__attribute__ ((format (PRINTF_ATTRIBUTE_FORMAT, 1, 0)));
+	__attribute__ ((format (PRINTF_ATTRIBUTE_FORMAT, 1, 0))) __nonnull((1));
 char *alloc_printf(const char *fmt, ...)
-	__attribute__ ((format (PRINTF_ATTRIBUTE_FORMAT, 1, 2)));
+	__attribute__ ((format (PRINTF_ATTRIBUTE_FORMAT, 1, 2))) __nonnull((1));
 
 const char *find_nonprint_char(const char *buf, unsigned int buf_len);
 

--