Format non-string literal and format arguments [-Wformat-security]

Question

Format non-string literal and format arguments [-Wformat-security]

I'm not sure what is causing this error.

./lhapdf_wrap.cc: In function ‘void SWIG_Python_AddErrorMsg(const char*)’:
./lhapdf_wrap.cc:877:62: warning: too many arguments for format [-Wformat-extra-args]
     PyErr_Format(type, "%s", PyString_AsString(old_str), mesg);
                                                              ^
./lhapdf_wrap.cc:881:42: warning: format not a string literal and no format arguments [-Wformat-security]
     PyErr_Format(PyExc_RuntimeError, mesg);
                                          ^

Code:

SWIGRUNTIME void
SWIG_Python_AddErrorMsg(const char* mesg)
{
  PyObject *type = 0;
  PyObject *value = 0;
  PyObject *traceback = 0;

  if (PyErr_Occurred()) PyErr_Fetch(&type, &value, &traceback);
  if (value) {
    PyObject *old_str = PyObject_Str(value);
    PyErr_Clear();
    Py_XINCREF(type);
    PyErr_Format(type, "%s %s", PyString_AsString(old_str), mesg);
    Py_DECREF(old_str);
    Py_DECREF(value);
  } else {
    PyErr_Format(PyExc_RuntimeError, mesg);
  }
}

I looked at a string literal error, but is% s already present?

+3

c ++ python string format literals

tv49 27 oct. 14 at 22:42

source to share

1 answer

Marco A. · Accepted Answer · 2014-10-28T00:15:45+0000

Make string literal explicitly:

printf("%s", str);

The same warning can be reproduced with the following snippet :

#include <stdio.h>

int main()
{
    char str[] = "hello";
    printf(str);
}

main.cpp:6:12: warning: format string is not a string literal (potentially insecure) 
[-Wformat-security]

The compiler cannot check if it contains str

%s

.

The first warning has a mismatch: there are not enough format specifiers (such as another %s

) in the string literal, since two additional arguments follow.

Format non-string literal and format arguments [-Wformat-security]

More articles: