Adds missing add missing __attribute__((format)) in various places,
which improves compile-time checking.
v2: Let's drop the whole bending over backwards to do mostly/entirely
useless strftime() checking. That's gone, I added a patch at the end
with a comment for strbuf_addftime() to say why it's not there, and
also split up the advise_if_enabled() change into its own commit.
I also removed the other cases of adding attribute checking to
compat/*. I can't easily test those, and I don't know if there's
potential bad interactions with git-compat-util.h.
Ævar Arnfjörð Bjarmason (6):
*.c static functions: don't forward-declare __attribute__
sequencer.c: move static function to avoid forward decl
*.c static functions: add missing __attribute__((format))
*.h: add a few missing __attribute__((format))
advice.h: add missing __attribute__((format)) & fix usage
strbuf.h: add a comment about "missing" strftime() checking
add-patch.c | 1 +
advice.h | 1 +
builtin/am.c | 1 +
builtin/bisect--helper.c | 2 +
builtin/index-pack.c | 4 +-
builtin/receive-pack.c | 5 +--
cache.h | 1 +
commit-graph.c | 1 +
.../osxkeychain/git-credential-osxkeychain.c | 1 +
.../wincred/git-credential-wincred.c | 1 +
gettext.c | 1 +
imap-send.c | 3 ++
mailmap.c | 1 +
merge-ort.c | 1 +
merge-recursive.c | 1 +
midx.c | 1 +
quote.h | 1 +
ref-filter.c | 1 +
sequencer.c | 43 +++++++++----------
server-info.c | 1 +
strbuf.h | 7 +++
t/helper/test-advise.c | 2 +-
worktree.c | 1 +
23 files changed, 53 insertions(+), 29 deletions(-)
Range-diff against v1:
1: a855bfceb2 = 1: a855bfceb2 *.c static functions: don't forward-declare __attribute__
2: 9c1492b006 = 2: 9c1492b006 sequencer.c: move static function to avoid forward decl
3: bc3fee3b7a ! 3: e2e039f481 *.c static functions: add missing __attribute__((format))
@@ commit-graph.c: int write_commit_graph(struct object_directory *odb,
{
va_list ap;
- ## compat/mingw.c ##
-@@ compat/mingw.c: static int read_yes_no_answer(void)
- return -1;
- }
-
-+__attribute__((format (printf, 1, 2)))
- static int ask_yes_no_if_possible(const char *format, ...)
- {
- char question[4096];
-
- ## compat/winansi.c ##
-@@ compat/winansi.c: static void winansi_exit(void)
- CloseHandle(hthread);
- }
-
-+__attribute__((format (printf, 1, 2)))
- static void die_lasterr(const char *fmt, ...)
- {
- va_list params;
-
## contrib/credential/osxkeychain/git-credential-osxkeychain.c ##
@@ contrib/credential/osxkeychain/git-credential-osxkeychain.c: static char *username;
static char *password;
4: 3bf8637c16 ! 4: fd70d512b4 *.h: add a few missing __attribute__((format))
@@ Metadata
## Commit message ##
*.h: add a few missing __attribute__((format))
- Add missing format attributes to those function that were missing
- them.
-
- In the case of advice_enabled() this revealed a trivial issue
- introduced in b3b18d16213 (advice: revamp advise API, 2020-03-02). We
- treated the argv[1] as a format string, but did not intend to do
- so. Let's use "%s" and pass argv[1] as an argument instead.
-
- For strbuf_addftime() let's add a strftime() format checker. Our
- function understands the non-portable %z and %Z, see
- c3fbf81a853 (strbuf: let strbuf_addftime handle %z and %Z itself,
- 2017-06-15).
-
- That might be an issue in theory, but in practice we have existing
- codepath that supplies a fixed string to strbuf_addftime(). We're
- unlikely to run into the "%z" and "%Z" case at all, since it's used by
- date.c and passed via e.g. "git log --date=<format>".
-
- In fact, we had no in-tree user of strbuf_addftime() with an inline
- fixed format string at all. A subsequent commit will tweak an existing
- one to use the format checking.
+ Add missing format attributes to API functions that take printf
+ arguments.
Signed-off-by: Ævar Arnfjörð Bjarmason <avarab@xxxxxxxxx>
- ## advice.h ##
-@@ advice.h: int advice_enabled(enum advice_type type);
- /**
- * Checks the visibility of the advice before printing.
- */
-+__attribute__((format (printf, 2, 3)))
- void advise_if_enabled(enum advice_type type, const char *advice, ...);
-
- int error_resolve_conflict(const char *me);
-
## cache.h ##
@@ cache.h: enum get_oid_result {
};
@@ cache.h: enum get_oid_result {
int repo_get_oid_commit(struct repository *r, const char *str, struct object_id *oid);
int repo_get_oid_committish(struct repository *r, const char *str, struct object_id *oid);
- ## compat/win32/syslog.h ##
-@@
- #define LOG_DAEMON (3<<3)
-
- void openlog(const char *ident, int logopt, int facility);
-+__attribute__((format (printf, 2, 3)))
- void syslog(int priority, const char *fmt, ...);
-
- #endif /* SYSLOG_H */
-
## quote.h ##
@@ quote.h: struct strbuf;
@@ strbuf.h: static inline void strbuf_insertstr(struct strbuf *sb, size_t pos,
void strbuf_insertf(struct strbuf *sb, size_t pos, const char *fmt, ...);
/**
-@@ strbuf.h: void strbuf_vaddf(struct strbuf *sb, const char *fmt, va_list ap);
- * `suppress_tz_name`, when set, expands %Z internally to the empty
- * string rather than passing it to `strftime`.
- */
-+__attribute__((format (strftime, 2, 0)))
- void strbuf_addftime(struct strbuf *sb, const char *fmt,
- const struct tm *tm, int tz_offset,
- int suppress_tz_name);
-
- ## t/helper/test-advise.c ##
-@@ t/helper/test-advise.c: int cmd__advise_if_enabled(int argc, const char **argv)
- * selected here and in t0018 where this command is being
- * executed.
- */
-- advise_if_enabled(ADVICE_NESTED_TAG, argv[1]);
-+ advise_if_enabled(ADVICE_NESTED_TAG, "%s", argv[1]);
-
- return 0;
- }
5: daca344a16 < -: ---------- bugreport.c: tweak cmd_bugreport() to use __attribute__((printf))
6: 365c5cf50b < -: ---------- git-compat-util.h: add __attribute__((printf)) to git_*printf*
-: ---------- > 5: a001e851d2 advice.h: add missing __attribute__((format)) & fix usage
-: ---------- > 6: fe66e06754 strbuf.h: add a comment about "missing" strftime() checking
--
2.32.0-dev
