Description of problem:
Combination of -Wformat and -Werror=format-security flags (or -Wall and -Werror=format-security) does not behave consistently. Using 'gcc -Wformat -Werror=format-security' with the source file provided below reports the error "format not a string literal and no format arguments" on line 7 as expected, whereas 'gcc -Werror=format-security -Wformat' does not. Similar behavior can be observed with the -Wall flag instead of -Wformat.

Version-Release number of selected component (if applicable):
gcc-6.3.1-1.fc25.x86_64

How reproducible:
always

Steps to Reproduce:
1. $ cat formatsecurity.c
   #include <stdio.h>

   int main()
   {
       char message[10];
       message[0]=0;
       printf(message);   /* line 7: format string is not a literal */
       return 0;
   }
2. $ gcc -Wall -Werror=format-security formatsecurity.c
3. $ gcc -Wall -Werror=format-security -Wall formatsecurity.c
4. $ gcc -Werror=format-security -Wall formatsecurity.c

Actual results:
Error after step 2, silent run after steps 3 and 4.

Expected results:
Error message after each run of gcc, either about the vulnerable code or about wrong usage of flags. Adding -Wall should definitely not hide errors as in step 3.
Filed upstream: PR79677. In the meantime, use -Wformat-security -Werror=format-security instead of just -Werror=format-security and then it will work properly.
"-Wformat-security -Werror=format-security" gives "error: -Wformat-security ignored without -Wformat"; "-Wformat -Wformat-security -Werror=format-security" works.
Fun note: Fedora currently uses -Wall -Werror=format-security. While it is possible to get warnings with the right combination of flags (if you know...), it is a very strange feeling to fix rpm build errors by adding another -Wall. Surprisingly satisfying ;-)
Fixed in F26, not going to backport.
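A quick way to confirm whether a given toolchain still has this ordering problem, as an added example that is not part of the bug report: the script writes the reporter's reproducer to a temporary file, compiles it under each flag ordering from the report, and prints any ordering that compiles it silently. It assumes a C compiler reachable as $CC, gcc or cc.

```sh
#!/bin/sh
# Added example, not from the bug report. Assumes a C compiler reachable as $CC,
# gcc or cc (assumption). Builds the reporter's reproducer under each flag
# ordering from the report and flags any ordering that compiles it silently.

# Constructed reproducer: the same non-literal printf() as formatsecurity.c.
write_reproducer() {
    cat > "$1" <<'EOF'
#include <stdio.h>
int main(void) {
    char message[10];
    message[0] = 0;
    printf(message);   /* format string is not a literal */
    return 0;
}
EOF
}

# Returns 0 when the compiler rejects the reproducer with the given flags (the
# hardening flag took effect), 1 when it compiles silently, 2 with no compiler.
flags_catch_format_security() {
    cc_bin=${CC:-gcc}
    command -v "$cc_bin" >/dev/null 2>&1 || cc_bin=cc
    command -v "$cc_bin" >/dev/null 2>&1 || return 2
    tmpdir=$(mktemp -d) || return 2
    write_reproducer "$tmpdir/formatsecurity.c"
    # $1 is deliberately unquoted so it splits into separate flags.
    "$cc_bin" $1 -o "$tmpdir/a.out" "$tmpdir/formatsecurity.c" >/dev/null 2>&1 && rc=1 || rc=0
    rm -rf "$tmpdir"
    return $rc
}

# Returns 0 only if every ordering catches the construct; a SILENT line means
# -Werror=format-security is not enforced in that position on this toolchain.
check_all_orderings() {
    failed=0
    for flags in "-Wall -Werror=format-security" \
                 "-Wall -Werror=format-security -Wall" \
                 "-Werror=format-security -Wall"; do
        flags_catch_format_security "$flags"
        case $? in
            0) echo "caught : $flags" ;;
            1) echo "SILENT : $flags"; failed=1 ;;
            *) echo "no C compiler found"; return 2 ;;
        esac
    done
    return $failed
}
check_all_orderings
```

On a compiler carrying the PR79677 fix (gcc 7 and later) all three orderings print "caught"; on gcc 6.3 the last two print "SILENT".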