Re: [PATCH v2 0/6] add missing __attribute__((format))

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Ævar Arnfjörð Bjarmason  <avarab@xxxxxxxxx> writes:

> v2: Let's drop the whole bending over backwards to do mostly/entirely
> useless strftime() checking. That's gone, I added a patch at the end
> with a comment for strbuf_addftime() to say why it's not there, and
> also split up the advise_if_enabled() change into its own commit.

OK.

> I also removed the other cases of adding attribute checking to
> compat/*. I can't easily test those, and I don't know if there's
> potential bad interactions with git-compat-util.h.

Sensible.

> 3:  bc3fee3b7a ! 3:  e2e039f481 *.c static functions: add missing __attribute__((format))
>     @@ commit-graph.c: int write_commit_graph(struct object_directory *odb,
>       {
>       	va_list ap;
>      
>     - ## compat/mingw.c ##
>     -@@ compat/mingw.c: static int read_yes_no_answer(void)
>     - 	return -1;
>     - }
>     - 
>     -+__attribute__((format (printf, 1, 2)))
>     - static int ask_yes_no_if_possible(const char *format, ...)
>     - {
>     - 	char question[4096];
>     -
>     - ## compat/winansi.c ##
>     -@@ compat/winansi.c: static void winansi_exit(void)
>     - 	CloseHandle(hthread);
>     - }
>     - 
>     -+__attribute__((format (printf, 1, 2)))
>     - static void die_lasterr(const char *fmt, ...)
>     - {
>     - 	va_list params;
>     -
>       ## contrib/credential/osxkeychain/git-credential-osxkeychain.c ##

These refrain from touching some compat stuff, OK.

> 4:  3bf8637c16 ! 4:  fd70d512b4 *.h: add a few missing  __attribute__((format))
>     @@ Metadata
>       ## Commit message ##
>          *.h: add a few missing  __attribute__((format))
>      
>     -    Add missing format attributes to those function that were missing
>     -    them.
>     -
>     -    In the case of advice_enabled() this revealed a trivial issue
>     -    introduced in b3b18d16213 (advice: revamp advise API, 2020-03-02). We
>     -    treated the argv[1] as a format string, but did not intend to do
>     -    so. Let's use "%s" and pass argv[1] as an argument instead.
>     -
>     -    For strbuf_addftime() let's add a strftime() format checker. Our
>     -    function understands the non-portable %z and %Z, see
>     -    c3fbf81a853 (strbuf: let strbuf_addftime handle %z and %Z itself,
>     -    2017-06-15).
>     -
>     -    That might be an issue in theory, but in practice we have existing
>     -    codepath that supplies a fixed string to strbuf_addftime(). We're
>     -    unlikely to run into the "%z" and "%Z" case at all, since it's used by
>     -    date.c and passed via e.g. "git log --date=<format>".
>     -
>     -    In fact, we had no in-tree user of strbuf_addftime() with an inline
>     -    fixed format string at all. A subsequent commit will tweak an existing
>     -    one to use the format checking.
>     +    Add missing format attributes to API functions that take printf
>     +    arguments.
>      
>          Signed-off-by: Ævar Arnfjörð Bjarmason <avarab@xxxxxxxxx>

OK.  strftime() is gone.

>     - ## advice.h ##
>     -@@ advice.h: int advice_enabled(enum advice_type type);
>     - /**
>     -  * Checks the visibility of the advice before printing.
>     -  */
>     -+__attribute__((format (printf, 2, 3)))
>     - void advise_if_enabled(enum advice_type type, const char *advice, ...);

This has become a separate one, because...?

OK, the addition to advise_if_enabled() reveals an existing iffy
caller, so you chose to fix it and to annotate the function at the
same time in a single commit at step [5/6].  Makes sense.




[Index of Archives]     [Linux Kernel Development]     [Gcc Help]     [IETF Annouce]     [DCCP]     [Netdev]     [Networking]     [Security]     [V4L]     [Bugtraq]     [Yosemite]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux SCSI]     [Fedora Users]

  Powered by Linux