SZEDER Gábor <szeder.dev@xxxxxxxxx> writes: >> + fprintf(stdout, submodule_strategy_to_string(&update_strategy)); > > Various compilers warn about the potential insecurity of the above > call: > > CC builtin/submodule--helper.o > builtin/submodule--helper.c: In function ‘module_update_module_mode’: > builtin/submodule--helper.c:1502:2: error: format not a string literal and no format arguments [-Werror=format-security] > fprintf(stdout, submodule_strategy_to_string(&update_strategy)); > ^ > cc1: all warnings being treated as errors > Makefile:2261: recipe for target 'builtin/submodule--helper.o' failed > make: *** [builtin/submodule--helper.o] Error 1 > > I think it should either use an explicit format string: > > fprintf(stdout, "%s", submodule_strategy_to_string(&update_strategy)); > > or, perhaps better yet, simply use fputs(). Sounds good.
