From e28489467233bff4500a70f8a7b22e42ca3b3e68 Mon Sep 17 00:00:00 2001
From: Nick Mathewson <nickm@torproject.org>
Date: Wed, 30 May 2012 12:14:38 -0400
Subject: Add __attribute__(format)s for our varargs printf/scanf wrappers

It turns out that if you set the third argument of
__attribute__(format) to 0, GCC and Clang will check the format
argument without expecting to find variadic arguments.  This is the
correct behavior for vsnprintf, vasprintf, and vscanf.

I'm hoping this will fix bug 5969 (a clang warning) by telling clang that
the format argument to tor_vasprintf is indeed a format string.
---
 src/common/compat.h | 5 +++--
 src/common/util.h   | 6 +++++-
 2 files changed, 8 insertions(+), 3 deletions(-)

(limited to 'src/common')

diff --git a/src/common/compat.h b/src/common/compat.h
index d2f1fd1295..fc70caf50c 100644
--- a/src/common/compat.h
+++ b/src/common/compat.h
@@ -261,11 +261,12 @@ void tor_munmap_file(tor_mmap_t *handle) ATTR_NONNULL((1));
 int tor_snprintf(char *str, size_t size, const char *format, ...)
   CHECK_PRINTF(3,4) ATTR_NONNULL((1,3));
 int tor_vsnprintf(char *str, size_t size, const char *format, va_list args)
-  ATTR_NONNULL((1,3));
+  CHECK_PRINTF(3,0) ATTR_NONNULL((1,3));
 
 int tor_asprintf(char **strp, const char *fmt, ...)
   CHECK_PRINTF(2,3);
-int tor_vasprintf(char **strp, const char *fmt, va_list args);
+int tor_vasprintf(char **strp, const char *fmt, va_list args)
+  CHECK_PRINTF(2,0);
 
 const void *tor_memmem(const void *haystack, size_t hlen, const void *needle,
                        size_t nlen)  ATTR_PURE ATTR_NONNULL((1,3));
diff --git a/src/common/util.h b/src/common/util.h
index b9db25ca73..d4771562ee 100644
--- a/src/common/util.h
+++ b/src/common/util.h
@@ -211,7 +211,11 @@ const char *escaped(const char *string);
 struct smartlist_t;
 void wrap_string(struct smartlist_t *out, const char *string, size_t width,
                  const char *prefix0, const char *prefixRest);
-int tor_vsscanf(const char *buf, const char *pattern, va_list ap);
+int tor_vsscanf(const char *buf, const char *pattern, va_list ap)
+#ifdef __GNUC__
+  __attribute__((format(scanf, 2, 0)))
+#endif
+  ;
 int tor_sscanf(const char *buf, const char *pattern, ...)
 #ifdef __GNUC__
   __attribute__((format(scanf, 2, 3)))
-- 
cgit v1.2.3-54-g00ecf


From 3a9351b57e528b1d0bd2e72bcf78db7c91b2ff8f Mon Sep 17 00:00:00 2001
From: Nick Mathewson <nickm@torproject.org>
Date: Wed, 30 May 2012 19:57:02 -0400
Subject: Fix more clang format-nonliteral warnings (bug 5969)

---
 src/common/log.c |  7 +++++++
 src/or/control.c | 16 +++++++++++++---
 2 files changed, 20 insertions(+), 3 deletions(-)

(limited to 'src/common')

diff --git a/src/common/log.c b/src/common/log.c
index ac98f13539..f2999f4e66 100644
--- a/src/common/log.c
+++ b/src/common/log.c
@@ -137,6 +137,13 @@ static void close_log(logfile_t *victim);
 
 static char *domain_to_string(log_domain_mask_t domain,
                              char *buf, size_t buflen);
+static INLINE char *format_msg(char *buf, size_t buf_len,
+           log_domain_mask_t domain, int severity, const char *funcname,
+           const char *format, va_list ap, size_t *msg_len_out)
+  CHECK_PRINTF(6,0);
+static void logv(int severity, log_domain_mask_t domain, const char *funcname,
+                 const char *format, va_list ap)
+  CHECK_PRINTF(4,0);
 
 /** Name of the application: used to generate the message we write at the
  * start of each new log. */
diff --git a/src/or/control.c b/src/or/control.c
index d6e693285c..8aa4240f12 100644
--- a/src/or/control.c
+++ b/src/or/control.c
@@ -126,6 +126,13 @@ typedef int event_format_t;
 static void connection_printf_to_buf(control_connection_t *conn,
                                      const char *format, ...)
   CHECK_PRINTF(2,3);
+static void send_control_event_impl(uint16_t event, event_format_t which,
+                                    const char *format, va_list ap)
+  CHECK_PRINTF(3,0);
+static int control_event_status(int type, int severity, const char *format,
+                                va_list args)
+  CHECK_PRINTF(3,0);
+
 static void send_control_done(control_connection_t *conn);
 static void send_control_event(uint16_t event, event_format_t which,
                                const char *format, ...)
@@ -3918,6 +3925,7 @@ control_event_my_descriptor_changed(void)
 static int
 control_event_status(int type, int severity, const char *format, va_list args)
 {
+  char *user_buf = NULL;
   char format_buf[160];
   const char *status, *sev;
 
@@ -3949,13 +3957,15 @@ control_event_status(int type, int severity, const char *format, va_list args)
       log_warn(LD_BUG, "Unrecognized status severity %d", severity);
       return -1;
   }
-  if (tor_snprintf(format_buf, sizeof(format_buf), "650 %s %s %s\r\n",
-                   status, sev, format)<0) {
+  if (tor_snprintf(format_buf, sizeof(format_buf), "650 %s %s\r\n",
+                   status, sev)<0) {
     log_warn(LD_BUG, "Format string too long.");
     return -1;
   }
+  tor_vasprintf(&user_buf, format, args);
 
-  send_control_event_impl(type, ALL_FORMATS, format_buf, args);
+  send_control_event(type, ALL_FORMATS, "%s %s", format_buf, user_buf);
+  tor_free(user_buf);
   return 0;
 }
 
-- 
cgit v1.2.3-54-g00ecf