-
Type:
Task
-
Resolution: Done
-
Affects Version/s: None
-
Component/s: None
-
None
When compiling on my Mac I see the following warnings:
../src/log/log.c:1089:35: error: format string is not a string literal
[-Werror,-Wformat-nonliteral]
len = (size_t)vsnprintf(NULL, 0, fmt, ap_copy) + 1;
^~~
/Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX10.9.sdk/usr/include/secure/_stdio.h:75:63: note:
expanded from macro 'vsnprintf'
__builtin___vsnprintf_chk (str, len, 0, __darwin_obsz(str), format, ap)
^
../src/log/log.c:1107:60: error: format string is not a string literal
[-Werror,-Wformat-nonliteral]
(void)vsnprintf((char *)logrec->data + logrec->size, len, fmt, ap);
^~~
/Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX10.9.sdk/usr/include/secure/_stdio.h:75:63: note:
expanded from macro 'vsnprintf'
__builtin___vsnprintf_chk (str, len, 0, __darwin_obsz(str), format, ap)
In other places we have used the WT_GCC_FUNC_ATTRIBUTE((format (printf, 2, 3))) macro to remove such warnings. In this case, I believe the log_vprintf is actually called from a user level API. So the warning is probably indicating a real security issue.