Re: kern/60034: Eliminate -Wformat-nonliteral warnings and improve security in ahd, ddb, and dev_verbose.c

To: kern-bug-people%netbsd.org@localhost,gnats-admin%netbsd.org@localhost,netbsd-bugs%netbsd.org@localhost,joaoboni017%gmail.com@localhost
Subject: Re: kern/60034: Eliminate -Wformat-nonliteral warnings and improve security in ahd, ddb, and dev_verbose.c
From: "Valery Ushakov via gnats" <gnats-admin%NetBSD.org@localhost>
Date: Wed, 25 Feb 2026 01:05:01 +0000 (UTC)

The following reply was made to PR kern/60034; it has been noted by GNATS.

From: Valery Ushakov <uwe%stderr.spb.ru@localhost>
To: gnats-bugs%netbsd.org@localhost
Cc: 
Subject: Re: kern/60034: Eliminate -Wformat-nonliteral warnings and improve
 security in ahd, ddb, and dev_verbose.c
Date: Wed, 25 Feb 2026 03:46:02 +0300

 Just a quick drive-by comment, I haven't actually looked at the code
 too closely.

 On Tue, Feb 24, 2026 at 22:55:00 +0000, joaoboni017%gmail.com@localhost via gnats wrote:

 > This PR addresses several -Wformat-nonliteral warnings across
 > different subsystems (pci, ddb, and dev_verbose).  These warnings
 > are currently blocking the transition to a higher WARNS level
 > (WARNS=5) for these files.

 I haven't checked, but all of these variable format strings actually
 come from our own source code, so it's not _too_ bad.  And you can
 shut up gcc with something like:

 https://hg.sr.ht/~nbuwe/printf_checkformat/browse/printf_checkformat.c?rev=edc408c65ea3#L61

 /*
  * A do-nothing counterpart to printf_checkformat(3) (or fmtcheck(3))
  * that only supplies the __format_arg marker.  Actual check is
  * expected to have been done once, in advance.
  *
  *   printf(format_ok("%d", userfmt), arg);
  */
 __always_inline __format_arg(1)
 static inline const char *
 format_ok(const char *template, const char *userfmt)
 {
 	(void) template;
 	return userfmt;
 }

 > @@ -94,6 +103,14 @@ dev_findproduct(char *buf, size_t len, const char *words, size_t nwords,
 >  		while (n < nproducts && products[n] != 0)
 >  			n++;
 >  	}
 > -	snprintf(buf, len, fmt, product);
 > +    /*
 > +     * Avoid Wformat-nonliteral
 > +     */
 > +     if (fmt != NULL && strcmp(fmt, "0x%04x") == 0){
 > +        snprintf(buf, len, "0x%04x", product);
 > +    } else {
 > +        snprintf(buf, len, "0x%08x", product);
 > +    }
 > +

 This seems to completely ignore the formats passed to this function,
 like

 #define mii_id1_format	 "oui %6.6x"
 #define mii_id2_format	 "model %4.4x"

 -uwe

Prev by Date: Re: kern/59997: if_ure.c has a check to avoid setting hardware capabilities that's impossible to satisfy
Previous by Thread: kern/60034: Eliminate -Wformat-nonliteral warnings and improve security in ahd, ddb, and dev_verbose.c
Indexes:

Home | Main Index | Thread Index | Old Index