Re: linux-next: Tree for April 10 (arch/x86)

From: Ingo Molnar
Date: Mon Apr 14 2008 - 04:13:15 EST



* Al Viro <viro@xxxxxxxxxxxxxxxxxx> wrote:

> On Fri, Apr 11, 2008 at 08:19:01AM -0700, Randy Dunlap wrote:
>
> > > It
> > > is a totally uninteresting warning that we pass in a narrower type to
> > > printk(). It cannot ever cause any bugs or problems. Why does gcc warn
> > > about it?
> >
> > No idea about that part.
>
> Er... That's kinda obvious - vararg function getting the wrong-sized
> argument is *NOT* a harmless situation. And yes, it's certainly a bug -
> gcc manages to recover by using the knowledge of printf() formats (i.e.
> it guesses that we want a long long and does conversion), but try to
> do
> char *s = "%llx %c";
> printf(s, 1, '.');
> and watch the show...

well, gcc does not "recover", we _gave_ it the format string as a
constant, and do so in 99.9% of the cases. It is a totally
well-specified thing.

so yes, this warning is bogus.

You are right that passing in a non-constant string to printf is
inherently dangerous though, and i'd suggest we warn about _that_ very
prominently.

but the constant noise from gcc about printf formats, where the
conversion is very clear and could be done implicitly, only hinders us
and only teaches people to _ignore_ gcc warnings - which is actually
very dangerous.

the only warning from gcc in this area should be where the format
results in information _loss_ (i.e. the format has a narrower type than
we pass into it) - there a warning is very much needed - and the
programmer should then fix the bug or add a cast.

Ingo
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/