Let me reproduce here for a wider audience my comments I have just posted in the FESCo ticket:

IMHO, turning this warning into an error is a horribly flawed idea. It just has way too many false positives. For example, here's the snippet it complains about in Qt 3:

    QString line;
    line.fill( '-', 60 );
    qDebug( line.ascii() );

As you can see, the format string being passed here is provably constant. The code just avoids spelling out 60 dashes.

Using -Werror=anything is always a bad idea. Expecting maintainers to actually go and patch the code for false positives rather than just adding -Wno-error=format-security is also unrealistic.

There are also valid uses of variable format strings which cannot simply be fixed by adding a "%s" (because they're actual format strings), think e.g. a printf wrapper for logging which adds a timestamp in front of the format string. Format strings could also be translatable.

This flag makes our compiler no longer comply with the C/C++ standards and breaks valid and perfectly secure code.

        Kevin Kofler
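A timestamping printf-style logging wrapper of the kind the message mentions, as an added example that is not part of the original post or of any Fedora or Qt code. The names log_line and demo, the buffer-based signature and the sample input are assumptions; the example shows GCC's format attribute making the wrapper's call sites checkable while the wrapper itself forwards a variable format through a va_list.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>
#include <time.h>

/* Hypothetical wrapper (name and signature are assumptions). The format
 * attribute marks argument 4 as a printf format with its arguments
 * starting at 5, so GCC applies -Wformat and -Wformat-security to every
 * call of log_line(), just as it does for printf itself. */
__attribute__((format(printf, 4, 5)))
int log_line(char *out, size_t cap, time_t when, const char *fmt, ...)
{
    char stamp[32];
    struct tm *tm = gmtime(&when);
    if (tm == NULL ||
        strftime(stamp, sizeof stamp, "%Y-%m-%dT%H:%M:%SZ", tm) == 0)
        return -1;

    /* The timestamp goes in as data under a literal format. */
    int used = snprintf(out, cap, "[%s] ", stamp);
    if (used < 0 || (size_t)used >= cap)
        return -1;

    /* fmt is variable here, but vsnprintf receives its arguments as a
     * va_list, a case -Wformat-security does not flag. */
    va_list ap;
    va_start(ap, fmt);
    int body = vsnprintf(out + used, cap - (size_t)used, fmt, ap);
    va_end(ap);
    if (body < 0 || (size_t)body >= cap - (size_t)used)
        return -1;              /* message did not fit */
    return used + body;
}

/* Logs a constructed sample string that happens to contain '%'. */
int demo(char *out, size_t cap)
{
    const char *text = "100%n done";   /* constructed sample input */
    /* log_line(out, cap, 0, text);  <- no arguments, non-literal
     * format: this is the call shape -Wformat-security reports. */
    return log_line(out, cap, (time_t)0, "%s", text);
}

int main(void)
{
    char buf[64];
    if (demo(buf, sizeof buf) > 0)
        puts(buf);
    return 0;
}
```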