[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-trivial] [PATCH] tests/Makefile: Suppress format-security warn
From: |
Peter Maydell |
Subject: |
Re: [Qemu-trivial] [PATCH] tests/Makefile: Suppress format-security warnings on JSON tests |
Date: |
Wed, 26 Feb 2014 23:26:06 +0000 |
On 26 February 2014 22:58, Paolo Bonzini <address@hidden> wrote:
> Il 26/02/2014 23:47, Peter Maydell ha scritto:
>
>> Some of our test binaries programmatically generate JSON format
>> strings to feed to qobject_from_json(). Since that function is
>> marked with GCC_FMT_ATTR(), clang complains about this:
>> tests/test-qmp-input-visitor.c:76:35: warning: format string is not a
>> string literal (potentially insecure) [-Wformat-security]
>> data->obj = qobject_from_json(json_string);
>> ^~~~~~~~~~~
>
>
> qobject_from_json shouldn't have a GCC_FMT_ATTR marker, only
> qobject_from_jsonf and qobject_from_jsonv.
>
> qobject_from_json passes a NULL va_list*, and then parse_escape in
> qobject/json-parser.c returns NULL before calling va_arg. Ultimately this
> produces a parse error.
That's a nicer way to fix this :-) I was assuming the attribute marking
was correct...
-- PMM