On Sunday 18 January 2009 08:28:51 Tom Lane wrote:
> Yeah, the risk this is trying to guard against is variables containing
> "%" unexpectedly. Even if that's not possible, it requires some work
> to verify and it's a bit fragile. I didn't look at the specific cases
> yet but in general I think this is a good policy.
-Wformat-security warns about
printf(var);
but not about
printf(var, a);
I don't understand that; the crash or exploit potential is pretty much the
same in both cases.
-Wformat-nonliteral warns about both cases. We have legitimate code that
requires this, however.
What would be helpful is a way to individually override the warning for the
rare code where you know what you are doing.