RFR: 8030350: Enable additional compiler warnings for GCC
Magnus Ihse Bursie magnus.ihse.bursie at oracle.com
Wed Jan 8 04:28:26 PST 2014
On 2013-12-18 15:13, Dmitry Samersoff wrote:
> Mike,
> 1. I'm not sure -Wformat-security has any value for us - it checks for the case printf(string) with no extra arguments, as it can cause buffer overrun if the string comes from an untrusted source.
Actually, it checks functions tagged as "format" functions. If you have your own implementation with a "printf-style" syntax (typically some kind of pre-/post-processing around sprintf etc), you can tag these functions as well, using e.g.
    __attribute__ ((format (printf, 2, 3)));
The best way to do this is to define a macro that expands to such an attribute definition on gcc, and empty for other compilers.
I have personally found this to be a great tool for catching format errors. It does require some initial effort of finding and tagging the "printf-style" functions, but then all uses of these are checked.
I do not know, however, if this is applicable to the jdk.
/Magnus
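Added example (not part of the original message and not JDK code): the macro approach described above, applied to a printf-style wrapper whose format string is parameter 2 and whose variadic arguments start at parameter 3. The names PRINTF_LIKE, struct logbuf and logbuf_printf are hypothetical.

```c
#include <stdarg.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Expands to the format attribute on GCC-compatible compilers, to nothing elsewhere. */
#if defined(__GNUC__)
#define PRINTF_LIKE(fmt_idx, first_arg) \
    __attribute__((format(printf, fmt_idx, first_arg)))
#else
#define PRINTF_LIKE(fmt_idx, first_arg)
#endif

/* Hypothetical fixed-size log buffer used only for this example. */
struct logbuf { char data[64]; size_t used; };

/* Tag the declaration: parameter 2 is the format, checked arguments start at 3. */
int logbuf_printf(struct logbuf *lb, const char *fmt, ...) PRINTF_LIKE(2, 3);

/* Appends formatted text; returns characters written, or -1 if it does not fit. */
int logbuf_printf(struct logbuf *lb, const char *fmt, ...)
{
    va_list ap;
    size_t room;
    int n;

    if (lb == NULL || lb->used >= sizeof lb->data)
        return -1;
    room = sizeof lb->data - lb->used;
    va_start(ap, fmt);
    n = vsnprintf(lb->data + lb->used, room, fmt, ap);
    va_end(ap);
    if (n < 0 || (size_t)n >= room) {
        lb->data[lb->used] = '\0';   /* discard the partial write */
        return -1;
    }
    lb->used += (size_t)n;
    return n;
}

int main(void)
{
    struct logbuf lb = { {0}, 0 };
    const char *user = "100%s";   /* constructed sample of externally supplied text */

    logbuf_printf(&lb, "user=%s id=%d", user, 7);   /* literal format, types match */
    puts(lb.data);
    /* With the attribute in place, gcc -Wformat -Wformat-security reports:
     *   logbuf_printf(&lb, user);            format not a string literal, no arguments
     *   logbuf_printf(&lb, "id=%d", user);   %d given a char pointer */
    return 0;
}
```

Without the PRINTF_LIKE tag on the declaration, gcc treats logbuf_printf as an ordinary variadic function and neither of the two commented-out calls is diagnosed.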