Ævar Arnfjörð Bjarmason <avarab@xxxxxxxxx> writes:
> v2: Let's drop the whole bending over backwards to do mostly/entirely
> useless strftime() checking. That's gone, I added a patch at the end
> with a comment for strbuf_addftime() to say why it's not there, and
> also split up the advise_if_enabled() change into its own commit.
OK.
> I also removed the other cases of adding attribute checking to
> compat/*. I can't easily test those, and I don't know if there's
> potential bad interactions with git-compat-util.h.
Sensible.
> 3: bc3fee3b7a ! 3: e2e039f481 *.c static functions: add missing __attribute__((format))
> @@ commit-graph.c: int write_commit_graph(struct object_directory *odb,
> {
> va_list ap;
>
> - ## compat/mingw.c ##
> -@@ compat/mingw.c: static int read_yes_no_answer(void)
> - return -1;
> - }
> -
> -+__attribute__((format (printf, 1, 2)))
> - static int ask_yes_no_if_possible(const char *format, ...)
> - {
> - char question[4096];
> -
> - ## compat/winansi.c ##
> -@@ compat/winansi.c: static void winansi_exit(void)
> - CloseHandle(hthread);
> - }
> -
> -+__attribute__((format (printf, 1, 2)))
> - static void die_lasterr(const char *fmt, ...)
> - {
> - va_list params;
> -
> ## contrib/credential/osxkeychain/git-credential-osxkeychain.c ##
These refrain from touching some compat stuff, OK.
> 4: 3bf8637c16 ! 4: fd70d512b4 *.h: add a few missing __attribute__((format))
> @@ Metadata
> ## Commit message ##
> *.h: add a few missing __attribute__((format))
>
> - Add missing format attributes to those function that were missing
> - them.
> -
> - In the case of advice_enabled() this revealed a trivial issue
> - introduced in b3b18d16213 (advice: revamp advise API, 2020-03-02). We
> - treated the argv[1] as a format string, but did not intend to do
> - so. Let's use "%s" and pass argv[1] as an argument instead.
> -
> - For strbuf_addftime() let's add a strftime() format checker. Our
> - function understands the non-portable %z and %Z, see
> - c3fbf81a853 (strbuf: let strbuf_addftime handle %z and %Z itself,
> - 2017-06-15).
> -
> - That might be an issue in theory, but in practice we have existing
> - codepath that supplies a fixed string to strbuf_addftime(). We're
> - unlikely to run into the "%z" and "%Z" case at all, since it's used by
> - date.c and passed via e.g. "git log --date=<format>".
> -
> - In fact, we had no in-tree user of strbuf_addftime() with an inline
> - fixed format string at all. A subsequent commit will tweak an existing
> - one to use the format checking.
> + Add missing format attributes to API functions that take printf
> + arguments.
>
> Signed-off-by: Ævar Arnfjörð Bjarmason <avarab@xxxxxxxxx>
OK. strftime() is gone.
> - ## advice.h ##
> -@@ advice.h: int advice_enabled(enum advice_type type);
> - /**
> - * Checks the visibility of the advice before printing.
> - */
> -+__attribute__((format (printf, 2, 3)))
> - void advise_if_enabled(enum advice_type type, const char *advice, ...);
This has become a separate one, because...?
OK, the addition to advise_if_enabled() reveals an existing iffy
caller, so you chose to fix it and to annotate the function at the
same time in a single commit at step [5/6]. Makes sense.
