We've recently added missing __attribute__((format)) checking of
printf formats in various places, but in the case of strbuf_addftime()
we've intentionally omitted adding an:
__attribute__((format (strftime, 2, 0)))
There was a proposed change[1] to do that, but I agree that it's not
worth it, see e.g. [2] for the rationale. Let's add a comment to note
this.
1. http://lore.kernel.org/git/patch-4.6-3bf8637c16a-20210710T084445Z-avarab@xxxxxxxxx
2. https://lore.kernel.org/git/YOyhd%2FodtQxwQk2W@xxxxxxxxxxxxxxxxxxxxxxx/
Signed-off-by: Ævar Arnfjörð Bjarmason <avarab@xxxxxxxxx>
---
strbuf.h | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/strbuf.h b/strbuf.h
index f1e9821a54..04952e94c4 100644
--- a/strbuf.h
+++ b/strbuf.h
@@ -425,6 +425,12 @@ void strbuf_vaddf(struct strbuf *sb, const char *fmt, va_list ap);
* with modifiers (e.g. %Ez) are passed to `strftime`.
* `suppress_tz_name`, when set, expands %Z internally to the empty
* string rather than passing it to `strftime`.
+ *
+ * Note: The omission of "__attribute__((format (strftime, [...])))"
+ * is intentional. As noted above we take %z and %Z which aren't
+ * portable. It would "work" anyway on modern compilers, but since
+ * this is mainly used in date.c (via"git log --date=<format>") we
+ * don't have any constant formats to check.
*/
void strbuf_addftime(struct strbuf *sb, const char *fmt,
const struct tm *tm, int tz_offset,
--
2.32.0-dev
