* [PATCH] Check the format of more printf-type functions
@ 2009-11-14 21:33 Tarmigan Casebolt
2009-11-15 1:10 ` Miklos Vajna
2009-11-15 14:17 ` Alex Riesen
0 siblings, 2 replies; 3+ messages in thread
From: Tarmigan Casebolt @ 2009-11-14 21:33 UTC (permalink / raw)
To: Junio C Hamano; +Cc: git, Tarmigan Casebolt, Miklos Vajna
We already have these checks in many printf-type functions that have
prototypes which are in header files. Add these same checks to some
more prototypes in header functions and to static functions in .c
files.
cc: Miklos Vajna <vmiklos@frugalware.org>
Signed-off-by: Tarmigan Casebolt <tarmigan+git@gmail.com>
---
Junio, please consider this for next. It will hopefully catch some bugs like
the Content-Length one in http-backend.c.
One extra warning is
CC merge-recursive.o
merge-recursive.c: In function âwrite_tree_from_memoryâ:
merge-recursive.c:218: warning: field precision should have type âintâ, but argument 5 has type âsize_tâ
A fix that might work in practice (because pathnames won't be longer than
an int?) is:
--- a/merge-recursive.c
+++ b/merge-recursive.c
@@ -215,7 +215,9 @@ struct tree *write_tree_from_memory(struct merge_options *o)
for (i = 0; i < active_nr; i++) {
struct cache_entry *ce = active_cache[i];
if (ce_stage(ce))
- output(o, 0, "%d %.*s", ce_stage(ce), ce_namelen(ce), ce->name);
+ output(o, 0, "%d %.*s", ce_stage(ce), (int)ce_namelen(ce), ce->name);
+ if (ce_namelen(ce) > INT_MAX)
+ die("A filename was too long");
}
return NULL;
}
but I don't think that is likely to be an acceptable fix, so I'm leaving
it for others to make a proper fix. Looks like Miklos touched that line
last, so perhaps he knows of a better fix.
builtin-fsck.c | 2 ++
builtin-update-index.c | 1 +
builtin-upload-archive.c | 1 +
cache.h | 2 ++
color.h | 2 ++
daemon.c | 2 ++
fsck.h | 1 +
imap-send.c | 6 ++++++
merge-recursive.c | 1 +
strbuf.h | 2 +-
10 files changed, 19 insertions(+), 1 deletions(-)
diff --git a/builtin-fsck.c b/builtin-fsck.c
index 2d88e45..0e5faae 100644
--- a/builtin-fsck.c
+++ b/builtin-fsck.c
@@ -47,6 +47,7 @@ static void objreport(struct object *obj, const char *severity,
fputs("\n", stderr);
}
+__attribute__((format (printf, 2, 3)))
static int objerror(struct object *obj, const char *err, ...)
{
va_list params;
@@ -57,6 +58,7 @@ static int objerror(struct object *obj, const char *err, ...)
return -1;
}
+__attribute__((format (printf, 3, 4)))
static int fsck_error_func(struct object *obj, int type, const char *err, ...)
{
va_list params;
diff --git a/builtin-update-index.c b/builtin-update-index.c
index 92beaaf..a6b7f2d 100644
--- a/builtin-update-index.c
+++ b/builtin-update-index.c
@@ -27,6 +27,7 @@ static int mark_valid_only;
#define MARK_VALID 1
#define UNMARK_VALID 2
+__attribute__((format (printf, 1, 2)))
static void report(const char *fmt, ...)
{
va_list vp;
diff --git a/builtin-upload-archive.c b/builtin-upload-archive.c
index c4cd1e1..b2d1259 100644
--- a/builtin-upload-archive.c
+++ b/builtin-upload-archive.c
@@ -67,6 +67,7 @@ static int run_upload_archive(int argc, const char **argv, const char *prefix)
return write_archive(sent_argc, sent_argv, prefix, 0);
}
+__attribute__((format (printf, 1, 2)))
static void error_clnt(const char *fmt, ...)
{
char buf[1024];
diff --git a/cache.h b/cache.h
index 7cec30e..9fdf122 100644
--- a/cache.h
+++ b/cache.h
@@ -964,7 +964,9 @@ extern void *alloc_object_node(void);
extern void alloc_report(void);
/* trace.c */
+__attribute__((format (printf, 1, 2)))
extern void trace_printf(const char *format, ...);
+__attribute__((format (printf, 2, 3)))
extern void trace_argv_printf(const char **argv, const char *format, ...);
/* convert.c */
diff --git a/color.h b/color.h
index 18abeb7..7d8da6f 100644
--- a/color.h
+++ b/color.h
@@ -29,7 +29,9 @@ int git_color_default_config(const char *var, const char *value, void *cb);
int git_config_colorbool(const char *var, const char *value, int stdout_is_tty);
void color_parse(const char *value, const char *var, char *dst);
void color_parse_mem(const char *value, int len, const char *var, char *dst);
+__attribute__((format (printf, 3, 4)))
int color_fprintf(FILE *fp, const char *color, const char *fmt, ...);
+__attribute__((format (printf, 3, 4)))
int color_fprintf_ln(FILE *fp, const char *color, const char *fmt, ...);
int color_fwrite_lines(FILE *fp, const char *color, size_t count, const char *buf);
diff --git a/daemon.c b/daemon.c
index 1b5ada6..641ebe1 100644
--- a/daemon.c
+++ b/daemon.c
@@ -77,6 +77,7 @@ static void logreport(int priority, const char *err, va_list params)
}
}
+__attribute__((format (printf, 1, 2)))
static void logerror(const char *err, ...)
{
va_list params;
@@ -85,6 +86,7 @@ static void logerror(const char *err, ...)
va_end(params);
}
+__attribute__((format (printf, 1, 2)))
static void loginfo(const char *err, ...)
{
va_list params;
diff --git a/fsck.h b/fsck.h
index 008456b..1e4f527 100644
--- a/fsck.h
+++ b/fsck.h
@@ -17,6 +17,7 @@ typedef int (*fsck_walk_func)(struct object *obj, int type, void *data);
/* callback for fsck_object, type is FSCK_ERROR or FSCK_WARN */
typedef int (*fsck_error)(struct object *obj, int type, const char *err, ...);
+__attribute__((format (printf, 3, 4)))
int fsck_error_function(struct object *obj, int type, const char *fmt, ...);
/* descend in all linked child objects
diff --git a/imap-send.c b/imap-send.c
index 6c9938a..854b6a4 100644
--- a/imap-send.c
+++ b/imap-send.c
@@ -102,13 +102,16 @@ struct msg_data {
static int Verbose, Quiet;
+__attribute__((format (printf, 1, 2)))
static void imap_info(const char *, ...);
+__attribute__((format (printf, 1, 2)))
static void imap_warn(const char *, ...);
static char *next_arg(char **);
static void free_generic_messages(struct message *);
+__attribute__((format (printf, 3, 4)))
static int nfsnprintf(char *buf, int blen, const char *fmt, ...);
static int nfvasprintf(char **strp, const char *fmt, va_list ap)
@@ -560,6 +563,7 @@ static struct imap_cmd *v_issue_imap_cmd(struct imap_store *ctx,
return cmd;
}
+__attribute__((format (printf, 3, 4)))
static struct imap_cmd *issue_imap_cmd(struct imap_store *ctx,
struct imap_cmd_cb *cb,
const char *fmt, ...)
@@ -573,6 +577,7 @@ static struct imap_cmd *issue_imap_cmd(struct imap_store *ctx,
return ret;
}
+__attribute__((format (printf, 3, 4)))
static int imap_exec(struct imap_store *ctx, struct imap_cmd_cb *cb,
const char *fmt, ...)
{
@@ -588,6 +593,7 @@ static int imap_exec(struct imap_store *ctx, struct imap_cmd_cb *cb,
return get_cmd_result(ctx, cmdp);
}
+__attribute__((format (printf, 3, 4)))
static int imap_exec_m(struct imap_store *ctx, struct imap_cmd_cb *cb,
const char *fmt, ...)
{
diff --git a/merge-recursive.c b/merge-recursive.c
index f55b7eb..d198312 100644
--- a/merge-recursive.c
+++ b/merge-recursive.c
@@ -86,6 +86,7 @@ static void flush_output(struct merge_options *o)
}
}
+__attribute__((format (printf, 3, 4)))
static void output(struct merge_options *o, int v, const char *fmt, ...)
{
int len;
diff --git a/strbuf.h b/strbuf.h
index d05e056..fa07ecf 100644
--- a/strbuf.h
+++ b/strbuf.h
@@ -117,7 +117,7 @@ struct strbuf_expand_dict_entry {
};
extern size_t strbuf_expand_dict_cb(struct strbuf *sb, const char *placeholder, void *context);
-__attribute__((format(printf,2,3)))
+__attribute__((format (printf,2,3)))
extern void strbuf_addf(struct strbuf *sb, const char *fmt, ...);
extern size_t strbuf_fread(struct strbuf *, size_t, FILE *);
--
1.6.5.52.g4544ce0
^ permalink raw reply related [flat|nested] 3+ messages in thread
* Re: [PATCH] Check the format of more printf-type functions
2009-11-14 21:33 [PATCH] Check the format of more printf-type functions Tarmigan Casebolt
@ 2009-11-15 1:10 ` Miklos Vajna
2009-11-15 14:17 ` Alex Riesen
1 sibling, 0 replies; 3+ messages in thread
From: Miklos Vajna @ 2009-11-15 1:10 UTC (permalink / raw)
To: Tarmigan Casebolt; +Cc: Junio C Hamano, git, Alex Riesen
[-- Attachment #1: Type: text/plain, Size: 396 bytes --]
On Sat, Nov 14, 2009 at 01:33:13PM -0800, Tarmigan Casebolt <tarmigan+git@gmail.com> wrote:
> it for others to make a proper fix. Looks like Miklos touched that line
> last, so perhaps he knows of a better fix.
I just added struct merge_options, the real change is commit a97e407
(Keep rename/rename conflicts of intermediate merges while doing
recursive merge, 2007-03-31), adding Alex to Cc.
[-- Attachment #2: Type: application/pgp-signature, Size: 197 bytes --]
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [PATCH] Check the format of more printf-type functions
2009-11-14 21:33 [PATCH] Check the format of more printf-type functions Tarmigan Casebolt
2009-11-15 1:10 ` Miklos Vajna
@ 2009-11-15 14:17 ` Alex Riesen
1 sibling, 0 replies; 3+ messages in thread
From: Alex Riesen @ 2009-11-15 14:17 UTC (permalink / raw)
To: Tarmigan Casebolt; +Cc: Junio C Hamano, git, Miklos Vajna
On Sat, Nov 14, 2009 at 22:33, Tarmigan Casebolt <tarmigan+git@gmail.com> wrote:
> We already have these checks in many printf-type functions that have
> prototypes which are in header files. Add these same checks to some
> more prototypes in header functions and to static functions in .c
> files.
>
> cc: Miklos Vajna <vmiklos@frugalware.org>
> Signed-off-by: Tarmigan Casebolt <tarmigan+git@gmail.com>
> ---
>
> Junio, please consider this for next. It will hopefully catch some bugs like
> the Content-Length one in http-backend.c.
>
> One extra warning is
> CC merge-recursive.o
> merge-recursive.c: In function ‘write_tree_from_memory’:
> merge-recursive.c:218: warning: field precision should have type ‘int’, but argument 5 has type ‘size_t’
>
> A fix that might work in practice (because pathnames won't be longer than
> an int?) is:
> --- a/merge-recursive.c
> +++ b/merge-recursive.c
> @@ -215,7 +215,9 @@ struct tree *write_tree_from_memory(struct merge_options *o)
> for (i = 0; i < active_nr; i++) {
> struct cache_entry *ce = active_cache[i];
> if (ce_stage(ce))
> - output(o, 0, "%d %.*s", ce_stage(ce), ce_namelen(ce), ce->name);
> + output(o, 0, "%d %.*s", ce_stage(ce), (int)ce_namelen(ce), ce->name);
It'll do. The message is purely diagnostics.
> + if (ce_namelen(ce) > INT_MAX)
> + die("A filename was too long");
That's overdoing it a little.
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2009-11-15 14:17 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2009-11-14 21:33 [PATCH] Check the format of more printf-type functions Tarmigan Casebolt
2009-11-15 1:10 ` Miklos Vajna
2009-11-15 14:17 ` Alex Riesen
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).