Message ID | 20170911172022.4738-31-eblake@redhat.com |
---|---|
State | New |
Series | Preliminary libqtest cleanups |
* Eric Blake (eblake@redhat.com) wrote: > hmp() passes its string argument through the sprintf() family; > with a proper attribute, gcc -Wformat warns us when we do something > dangerous like passing a non-constant format string. Fortunately, > all our strings were safe, but checking whether the string can > contain an unintended % is easy to avoid and therefore worth doing. > > Signed-off-by: Eric Blake <eblake@redhat.com> > Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com> > --- > v7: add GCC_FMT_ATTR here, drop R-b > --- > tests/libqtest.h | 8 ++++---- > tests/test-hmp.c | 4 ++-- > 2 files changed, 6 insertions(+), 6 deletions(-) > > diff --git a/tests/libqtest.h b/tests/libqtest.h > index 2a21bf4605..5651b77d2f 100644 > --- a/tests/libqtest.h > +++ b/tests/libqtest.h > @@ -153,14 +153,14 @@ QDict *qtest_qmp_eventwait_ref(QTestState *s, const char *event); > /** > * qtest_hmp: > * @s: #QTestState instance to operate on. > - * @fmt...: HMP command to send to QEMU > + * @fmt...: HMP command to send to QEMU, formats arguments like sprintf(). > * > * Send HMP command to QEMU via QMP's human-monitor-command. > * QMP events are discarded. > * > * Returns: the command's output. The caller should g_free() it. > */ > -char *qtest_hmp(QTestState *s, const char *fmt, ...); > +char *qtest_hmp(QTestState *s, const char *fmt, ...) GCC_FMT_ATTR(2, 3); > > /** > * qtest_hmpv: > @@ -585,13 +585,13 @@ static inline QDict *qmp_eventwait_ref(const char *event) > > /** > * hmp: > - * @fmt...: HMP command to send to QEMU > + * @fmt...: HMP command to send to QEMU, formats arguments like sprintf(). > * > * Send HMP command to QEMU via QMP's human-monitor-command. > * > * Returns: the command's output. The caller should g_free() it. > */ > -char *hmp(const char *fmt, ...); > +char *hmp(const char *fmt, ...) GCC_FMT_ATTR(1, 2); > > /** > * get_irq: > diff --git a/tests/test-hmp.c b/tests/test-hmp.c > index 7ff47eda13..b3102daea1 100644 > --- a/tests/test-hmp.c 
> +++ b/tests/test-hmp.c > @@ -80,7 +80,7 @@ static void test_commands(void) > if (verbose) { > fprintf(stderr, "\t%s\n", hmp_cmds[i]); > } > - response = hmp(hmp_cmds[i]); > + response = hmp("%s", hmp_cmds[i]); > g_free(response); > } > > @@ -103,7 +103,7 @@ static void test_info_commands(void) > if (verbose) { > fprintf(stderr, "\t%s\n", info); > } > - resp = hmp(info); > + resp = hmp("%s", info); > g_free(resp); > /* And move forward to the next line */ > info = strchr(endp + 1, '\n'); > -- > 2.13.5 > -- Dr. David Alan Gilbert / dgilbert@redhat.com / Manchester, UK
On 11.09.2017 19:20, Eric Blake wrote:
> hmp() passes its string argument through the sprintf() family;
> with a proper attribute, gcc -Wformat warns us when we do something
> dangerous like passing a non-constant format string. Fortunately,
> all our strings were safe, but checking whether the string can
> contain an unintended % is easy to avoid and therefore worth doing.
>
> Signed-off-by: Eric Blake <eblake@redhat.com>
>
> ---
> v7: add GCC_FMT_ATTR here, drop R-b
> ---
>  tests/libqtest.h | 8 ++++----
>  tests/test-hmp.c | 4 ++--
>  2 files changed, 6 insertions(+), 6 deletions(-)

Reviewed-by: Thomas Huth <thuth@redhat.com>
diff --git a/tests/libqtest.h b/tests/libqtest.h index 2a21bf4605..5651b77d2f 100644 --- a/tests/libqtest.h +++ b/tests/libqtest.h @@ -153,14 +153,14 @@ QDict *qtest_qmp_eventwait_ref(QTestState *s, const char *event); /** * qtest_hmp: * @s: #QTestState instance to operate on. - * @fmt...: HMP command to send to QEMU + * @fmt...: HMP command to send to QEMU, formats arguments like sprintf(). * * Send HMP command to QEMU via QMP's human-monitor-command. * QMP events are discarded. * * Returns: the command's output. The caller should g_free() it. */ -char *qtest_hmp(QTestState *s, const char *fmt, ...); +char *qtest_hmp(QTestState *s, const char *fmt, ...) GCC_FMT_ATTR(2, 3); /** * qtest_hmpv: @@ -585,13 +585,13 @@ static inline QDict *qmp_eventwait_ref(const char *event) /** * hmp: - * @fmt...: HMP command to send to QEMU + * @fmt...: HMP command to send to QEMU, formats arguments like sprintf(). * * Send HMP command to QEMU via QMP's human-monitor-command. * * Returns: the command's output. The caller should g_free() it. */ -char *hmp(const char *fmt, ...); +char *hmp(const char *fmt, ...) GCC_FMT_ATTR(1, 2); /** * get_irq: diff --git a/tests/test-hmp.c b/tests/test-hmp.c index 7ff47eda13..b3102daea1 100644 --- a/tests/test-hmp.c +++ b/tests/test-hmp.c @@ -80,7 +80,7 @@ static void test_commands(void) if (verbose) { fprintf(stderr, "\t%s\n", hmp_cmds[i]); } - response = hmp(hmp_cmds[i]); + response = hmp("%s", hmp_cmds[i]); g_free(response); } @@ -103,7 +103,7 @@ static void test_info_commands(void) if (verbose) { fprintf(stderr, "\t%s\n", info); } - resp = hmp(info); + resp = hmp("%s", info); g_free(resp); /* And move forward to the next line */ info = strchr(endp + 1, '\n');
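Review bot: in the tests/libqtest.h hunk at -153, the trailing context opens the doc comment for qtest_hmpv, which this patch leaves without an attribute; if it takes the same fmt followed by a va_list, GCC_FMT_ATTR(2, 0) there would keep the format string checked along the whole call chain. The updated @fmt lines for qtest_hmp and hmp say "formats arguments like sprintf()" but not what that means for a caller with a literal % in the command; adding "a literal % must be written as %%" would spell out the consequence.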
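Review bot: in the tests/test-hmp.c hunk for test_info_commands(), the info pointer handed to hmp() is advanced with strchr() through a text buffer rather than being a string literal, so it is the call where a stray % was most plausible; the commit message's "all our strings were safe" would be easier to verify if it said why, for both hmp_cmds[i] and info. The message also credits plain -Wformat for the diagnostic, while the warning for a non-literal format with no arguments comes from -Wformat-security; naming that flag would tell readers what has to be enabled for the new attribute to catch a regression back to hmp(info).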
hmp() passes its string argument through the sprintf() family;
with a proper attribute, gcc -Wformat warns us when we do something
dangerous like passing a non-constant format string. Fortunately,
all our strings were safe, but checking whether the string can
contain an unintended % is easy to avoid and therefore worth doing.

Signed-off-by: Eric Blake <eblake@redhat.com>
---
v7: add GCC_FMT_ATTR here, drop R-b
---
 tests/libqtest.h | 8 ++++----
 tests/test-hmp.c | 4 ++--
 2 files changed, 6 insertions(+), 6 deletions(-)
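The difference between the two call shapes in this patch, as an added example that is not part of the patch or of QEMU's code: a command containing `%%` is silently rewritten when it is used as the format, and arrives intact when passed as the argument of `"%s"`. `FMT_ATTR`, `build_cmd` and the sample command are hypothetical stand-ins constructed for the illustration.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for GCC_FMT_ATTR: parameter `f` is a printf format,
 * variadic arguments start at parameter `a`. */
#define FMT_ATTR(f, a) __attribute__((format(printf, f, a)))

/* Hypothetical printf-style helper that builds a command into out[]. */
FMT_ATTR(3, 4)
int build_cmd(char *out, size_t len, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(out, len, fmt, ap);
    va_end(ap);
    return n;
}

/* Post-patch call shape: cmd is data. Returns 1 if it arrives unchanged. */
int intact_as_argument(const char *cmd)
{
    char out[64];
    build_cmd(out, sizeof(out), "%s", cmd);
    return strcmp(out, cmd) == 0;
}

/* Pre-patch call shape: cmd is the format. With the attribute in place,
 * gcc -Wformat -Wformat-security flags this call; silenced here so the
 * example builds cleanly. Only call with text whose sole directive is %%. */
int intact_as_format(const char *cmd)
{
    char out[64];
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wformat-security"
#pragma GCC diagnostic ignored "-Wformat-nonliteral"
    build_cmd(out, sizeof(out), cmd);
#pragma GCC diagnostic pop
    return strcmp(out, cmd) == 0;
}

int main(void)
{
    const char *cmd = "print 7 %% 4";   /* constructed sample command */
    printf("as \"%%s\" argument: %d, as format: %d\n",
           intact_as_argument(cmd), intact_as_format(cmd));
    return 0;
}
```

Removing the three `ignored`/`push`/`pop` pragmas and compiling with `-Wformat -Wformat-security` shows the diagnostic the attribute enables on the pre-patch call shape.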