[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [PATCH-for-5.1?] qapi/error: Check format string argument in error_p
From: |
Philippe Mathieu-Daudé |
Subject: |
Re: [PATCH-for-5.1?] qapi/error: Check format string argument in error_propagate_prepend() |
Date: |
Thu, 23 Jul 2020 12:04:19 +0200 |
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.5.0 |
On 7/23/20 11:44 AM, Stefan Weil wrote:
> Am 23.07.20 um 11:13 schrieb Philippe Mathieu-Daudé:
>
>> error_propagate_prepend() "behaves like error_prepend()", and
>> error_prepend() uses "formatting @fmt, ... like printf()".
>> error_prepend() checks its format string argument, but
>> error_propagate_prepend() does not. Fix that.
>>
>> This would have catched the invalid format introduced in commit
>> b98e8d1230f:
>>
>> CC hw/sd/milkymist-memcard.o
>> hw/sd/milkymist-memcard.c: In function ‘milkymist_memcard_realize’:
>> hw/sd/milkymist-memcard.c:284:70: error: format ‘%s’ expects a matching
>> ‘char *’ argument [-Werror=format=]
>> 284 | error_propagate_prepend(errp, err, "failed to init SD
>> card: %s");
>> |
>> ~^
>> |
>> |
>> |
>> char *
>>
>> Fixes: 4b5766488f ("Fix use of error_prepend() with &error_fatal,
>> &error_abort")
>> Inspired-by: Stefan Weil <sw@weilnetz.de>
>> Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
>> ---
>> include/qapi/error.h | 1 +
>> 1 file changed, 1 insertion(+)
>>
>> diff --git a/include/qapi/error.h b/include/qapi/error.h
>> index 7932594dce..eeeef1a34d 100644
>> --- a/include/qapi/error.h
>> +++ b/include/qapi/error.h
>> @@ -381,6 +381,7 @@ void error_propagate(Error **dst_errp, Error *local_err);
>> * error_propagate(dst_errp, local_err);
>> * Please use ERRP_GUARD() and error_prepend() instead when possible.
>> */
>> +GCC_FMT_ATTR(3, 4)
>> void error_propagate_prepend(Error **dst_errp, Error *local_err,
>> const char *fmt, ...);
>>
>
>
> Reviewed-by: Stefan Weil <sw@weilnetz.de>
>
> error_vprepend is one more candidate for GCC_FMT_ATTR. Maybe you can add
> that, too.
This one is different as it uses a va_list. Now I realize it is
only called in util/error.c, and all its callers are guarded with
GCC_FMT_ATTR. Maybe we can make it static to simplify... Markus?
>
> Regards,
>
> Stefan
>
>