Bug 1037442

Summary: bogus error with -Werror=-Wformat-security ?
Product: [Fedora] Fedora
Reporter: Ralf Corsepius <rc040203>
Component: gcc
Assignee: Jakub Jelinek <jakub>
Status: CLOSED NOTABUG
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified
Priority: unspecified
Version: 19
CC: jakub, law
Last Closed: 2013-12-04 11:22:37 UTC
Type: Bug

Description Ralf Corsepius 2013-12-03 07:44:24 UTC
Description of problem:

Compile this code snippet with -Werror=-Wformat-security:

#include <stdio.h>

int main()
{
  const char text[] = "hallo world\n";
  const char *ptr1 = &text[0]; 

  fprintf( stdout, ptr1);

  fprintf( stdout, &text[0] );
  return 1;
}

gcc complains about the 1st fprintf, but doesn't complain about the 2nd one:

# gcc -Wall -Werror=format-security -o foo.o -c foo.c
foo.c: In function ‘main’:
foo.c:8:3: error: format not a string literal and no format arguments [-Werror=format-security]
   fprintf( stdout, ptr1);
   ^
cc1: some warnings being treated as errors



Version-Release number of selected component (if applicable):
gcc-4.8.2-1.fc19.x86_64

How reproducible:
Always.

Expected results:
I would expect GCC to either warn on both use cases or on none. The current situation seems bogus to me.

Comment 1 Jakub Jelinek 2013-12-04 11:22:37 UTC
This is not a bug.  The warning is emitted by the C/C++ frontends, so there are no optimizations (and at -O0 there wouldn't be any anyway) that would fold ptr1 into &text[0]. ptr1 is not a string literal; it is a variable that in some other testcase could be changed to something completely different.
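
Added example, not part of the bug report or of either participant's comments: the forms that satisfy -Wformat-security when the text lives in a variable such as ptr1, plus a small check showing what such a variable may contain. The names count_directives, log_fmt and log_text are hypothetical, and the sample strings are constructed.

```c
#include <stdarg.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Count conversion directives in s ("%%" is a literal percent, not a
   directive). Non-zero means printf would read arguments the call never
   passed if s were used as the format. */
static int count_directives(const char *s)
{
    int n = 0;
    for (; *s; s++) {
        if (*s != '%')
            continue;
        if (s[1] == '%')
            s++;                /* skip the escaped percent */
        else
            n++;
    }
    return n;
}

/* Hypothetical wrapper. The GCC format attribute makes the frontend apply
   -Wformat and -Wformat-security to its callers, as it does for fprintf. */
__attribute__((format(printf, 3, 4)))
static int log_fmt(char *out, size_t len, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int r = vsnprintf(out, len, fmt, ap);
    va_end(ap);
    return r;
}

/* Safe form for text held in a variable: the format is a string literal
   and the variable is passed only as data. */
static int log_text(char *out, size_t len, const char *text)
{
    return log_fmt(out, len, "%s", text);
}

int main(void)
{
    char buf[64];
    const char *ptr1 = "hallo world\n";   /* constructed; may be reassigned */
    log_text(buf, sizeof buf, ptr1);
    fputs(buf, stdout);                   /* fputs takes no format at all */
    return 0;
}
```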