We've been very gradually adding G_GNUC_PRINTF annotations
to functions over years. This has been useful in detecting
certain malformed printf strings, or cases where we pass
user data as the printf format which is a potential security
flaw.
Given the inherant memory corruption danger in use of format
strings vs mis-matched variadic arguments, it is worth applying
G_GNUC_PRINTF to all functions using printf, even if we know
they are safe.
The compilers can reasonably reliably identify such places
with the -Wsuggest-attribute=format / -Wmissing-format-attribute
flags.
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Message-Id: <
20221219130205.687815-7-berrange@redhat.com>
[-Wsuggest-attribute=format and -Wmissing-format-attribute are
synonyms, only include one; disable it for testfloat. - Paolo]
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
add_to warn_flags -Wendif-labels
add_to warn_flags -Wexpansion-to-defined
add_to warn_flags -Wimplicit-fallthrough=2
+add_to warn_flags -Wmissing-format-attribute
nowarn_flags=
add_to nowarn_flags -Wno-initializer-overrides
'-Wno-missing-prototypes',
'-Wno-return-type',
'-Wno-unused-function',
+ '-Wno-missing-format-attribute',
'-Wno-error',
]