Since these are only test cases and not potential attack vectors,
the simplest approach is simply to suppress this particular
compiler warning when compiling the relevant test cases.
Signed-off-by: Peter Maydell <address@hidden>
---
I couldn't think of a better way to do this...
tests/Makefile | 11 +++++++++++
1 file changed, 11 insertions(+)
diff --git a/tests/Makefile b/tests/Makefile
index b17d41e..496c02f 100644
--- a/tests/Makefile
+++ b/tests/Makefile
@@ -146,6 +146,17 @@ check-qapi-schema-y := $(addprefix tests/qapi-schema/, \
GENERATED_HEADERS += tests/test-qapi-types.h tests/test-qapi-visit.h
tests/test-qmp-commands.h
+# These tests use the qobject_from_json() function with programmatically
+# generated format strings; since this would otherwise trip clang's
+# format-security warnings and these are only test binaries, disable
+# the warnings when building them.
+JSON_USERS=check-qjson \
+ check-input-visitor \
+ test-qmp-input-visitor \
+ test-visitor-serialization
+
+$(JSON_USERS:%=tests/%.o): CFLAGS += -Wno-format-security
+
test-obj-y = tests/check-qint.o tests/check-qstring.o tests/check-qdict.o \
tests/check-qlist.o tests/check-qfloat.o tests/check-qjson.o \
tests/test-coroutine.o tests/test-string-output-visitor.o \