diff --git a/ChangeLog b/ChangeLog index 5ca5dec74b..323120d911 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,10 @@ +Wed Dec 17 18:10:51 +0100 2008 Jim Meyering + + let gcc's -Wformat do its job; avoid "make syntax-check" failure + * src/util.c (virAsprintf): Remove trailing space. + * src/util.h (virAsprintf): Use ATTRIBUTE_FORMAT. + * HACKING (Printf-style functions): New section. + Wed Dec 17 16:43:39 GMT 2008 Daniel P. Berrange * src/libvirt.c: Add missing checks for read-only connection diff --git a/HACKING b/HACKING index 3945833f29..e088da8628 100644 --- a/HACKING +++ b/HACKING @@ -247,6 +247,22 @@ are some special reasons why you cannot include these files explicitly. +Printf-style functions +====================== + +Whenever you add a new printf-style function, i.e., one with a format +string argument and following "..." in its prototype, be sure to use +gcc's printf attribute directive in the prototype. For example, here's +the one for virAsprintf, in util.h: + + int virAsprintf(char **strp, const char *fmt, ...) + ATTRIBUTE_FORMAT(printf, 2, 3); + +This makes it so gcc's -Wformat and -Wformat-security options can do +their jobs and cross-check format strings with the number and types +of arguments. + + Libvirt commiters guidelines ============================ diff --git a/src/util.c b/src/util.c index 12097d41aa..9eda378509 100644 --- a/src/util.c +++ b/src/util.c @@ -1158,7 +1158,7 @@ virParseNumber(const char **str) * * like asprintf but makes sure *strp == NULL on failure */ -int +int virAsprintf(char **strp, const char *fmt, ...) { va_list ap; diff --git a/src/util.h b/src/util.h index 3d603dc531..0475bd3569 100644 --- a/src/util.h +++ b/src/util.h @@ -112,7 +112,8 @@ int virMacAddrCompare (const char *mac1, const char *mac2); void virSkipSpaces(const char **str); int virParseNumber(const char **str); -int virAsprintf(char **strp, const char *fmt, ...); +int virAsprintf(char **strp, const char *fmt, ...) + ATTRIBUTE_FORMAT(printf, 2, 3); #define VIR_MAC_BUFLEN 6 #define VIR_MAC_PREFIX_BUFLEN 3