Re: kern/60034: Eliminate -Wformat-nonliteral warnings and improve security in ahd, ddb, and dev_verbose.c

To: gnats-bugs%netbsd.org@localhost, kern-bug-people%netbsd.org@localhost, gnats-admin%netbsd.org@localhost, netbsd-bugs%netbsd.org@localhost
Subject: Re: kern/60034: Eliminate -Wformat-nonliteral warnings and improve security in ahd, ddb, and dev_verbose.c
From: Joao Bonifacio <joaoboni017%gmail.com@localhost>
Date: Fri, 27 Feb 2026 12:44:26 -0300

Hi Valery Ushakov, i wish you're fine.

Thanks for the feedback.

I agree that since these formats are internal, using a __format_arg
helper is a much more better way to satisfy WARNS=5 without breaking
flexibility or bloating the code with conditionals.

I will rework the three patches into a V2 using a format_ok inline
helper (or similar) to keep the original logic intact. This should also
solve the issues I was seeing with ixgbe.

I'll send the updated patches soon.


Em qua, 2026-02-25 às 01:05 +0000, Valery Ushakov via gnats escreveu:
> The following reply was made to PR kern/60034; it has been noted by
> GNATS.
> 
> From: Valery Ushakov <uwe%stderr.spb.ru@localhost>
> To: gnats-bugs%netbsd.org@localhost
> Cc: 
> Subject: Re: kern/60034: Eliminate -Wformat-nonliteral warnings and
> improve
>  security in ahd, ddb, and dev_verbose.c
> Date: Wed, 25 Feb 2026 03:46:02 +0300
> 
>  Just a quick drive-by comment, I haven't actually looked at the code
>  too closely.
>  
>  On Tue, Feb 24, 2026 at 22:55:00 +0000, joaoboni017%gmail.com@localhost via
> gnats wrote:
>  
>  > This PR addresses several -Wformat-nonliteral warnings across
>  > different subsystems (pci, ddb, and dev_verbose).  These warnings
>  > are currently blocking the transition to a higher WARNS level
>  > (WARNS=5) for these files.
>  
>  I haven't checked, but all of these variable format strings actually
>  come from our own source code, so it's not _too_ bad.  And you can
>  shut up gcc with something like:
>  
>  
> https://hg.sr.ht/~nbuwe/printf_checkformat/browse/printf_checkformat.c
> ?rev=edc408c65ea3#L61
>  
>  /*
>   * A do-nothing counterpart to printf_checkformat(3) (or
> fmtcheck(3))
>   * that only supplies the __format_arg marker.  Actual check is
>   * expected to have been done once, in advance.
>   *
>   *   printf(format_ok("%d", userfmt), arg);
>   */
>  __always_inline __format_arg(1)
>  static inline const char *
>  format_ok(const char *template, const char *userfmt)
>  {
>  	(void) template;
>  	return userfmt;
>  }
>  
>  
>  
>  > @@ -94,6 +103,14 @@ dev_findproduct(char *buf, size_t len, const
> char *words, size_t nwords,
>  >  		while (n < nproducts && products[n] != 0)
>  >  			n++;
>  >  	}
>  > -	snprintf(buf, len, fmt, product);
>  > +    /*
>  > +     * Avoid Wformat-nonliteral
>  > +     */
>  > +     if (fmt != NULL && strcmp(fmt, "0x%04x") == 0){
>  > +        snprintf(buf, len, "0x%04x", product);
>  > +    } else {
>  > +        snprintf(buf, len, "0x%08x", product);
>  > +    }
>  > +
>  
>  This seems to completely ignore the formats passed to this function,
>  like
>  
>  #define mii_id1_format	 "oui %6.6x"
>  #define mii_id2_format	 "model %4.4x"
>  
>  -uwe
>

References:
- Re: kern/60034: Eliminate -Wformat-nonliteral warnings and improve security in ahd, ddb, and dev_verbose.c
  - From: Valery Ushakov via gnats

Prev by Date: Re: kern/60043: ACPI suspend does not work properly with ps/2 keyboard and track-pad
Next by Date: Re: kern/60043: ACPI suspend does not work properly with ps/2 keyboard and track-pad
Previous by Thread: Re: kern/60034: Eliminate -Wformat-nonliteral warnings and improve security in ahd, ddb, and dev_verbose.c
Next by Thread: Re: kern/60034: Eliminate -Wformat-nonliteral warnings and improve security in ahd, ddb, and dev_verbose.c
Indexes:

Home | Main Index | Thread Index | Old Index