Re: [RFC PATCH 7/7] drivers: hwmon: add runtime format string checking
From: Guenter Roeck
Date: Sat Oct 27 2018 - 13:44:51 EST
Hi,
On Sat, Oct 27, 2018 at 01:24:09AM +0200, Rasmus Villemoes wrote:
> With -Wformat-nonliteral, gcc complains
>
> drivers/hwmon/hwmon.c: In function âhwmon_genattrâ:
> drivers/hwmon/hwmon.c:282:6: warning: format not a string literal, argument types not checked [-Wformat-nonliteral]
> index + hwmon_attr_base(type));
>
> Add a runtime check to ensure that the template indeed has a single %d
> printf specifier. Using fmtcheck() also makes gcc verify that the
> expression 'index + hwmon_attr_base(type)' is suitable for %d.
>
> Signed-off-by: Rasmus Villemoes <linux@xxxxxxxxxxxxxxxxxx>
I'll defer to others on this one; let me know if the series is otherwise
accepted. Personally I think that the compiler is at fault here
for not detecting that the format string can not be wrong (since it
is declared and used only in this file), and I find the fmtcheck()
confusing/obfuscating.
Guenter
> ---
> drivers/hwmon/hwmon.c | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/drivers/hwmon/hwmon.c b/drivers/hwmon/hwmon.c
> index 33d51281272b..ec6f5f36b5fc 100644
> --- a/drivers/hwmon/hwmon.c
> +++ b/drivers/hwmon/hwmon.c
> @@ -278,7 +278,8 @@ static struct attribute *hwmon_genattr(struct device *dev,
> if (type == hwmon_chip) {
> name = (char *)template;
> } else {
> - scnprintf(hattr->name, sizeof(hattr->name), template,
> + scnprintf(hattr->name, sizeof(hattr->name),
> + fmtcheck(template, "type%dwhat", 0),
> index + hwmon_attr_base(type));
> name = hattr->name;
> }