gstinfo: clang complains about nonstring literal passsed to g_vasprintf
When building a static build of GStreamer with -Dgst_debug=false
the following warning occurs.
[52/455] Compiling C object gst/libgstreamer-1.0.a.p/gstinfo.c.o
FAILED: gst/libgstreamer-1.0.a.p/gstinfo.c.o
clang -Igst/libgstreamer-1.0.a.p -Igst -I../gst -I. -I.. -Igst/parse -I../gst/parse -I/usr/include/glib-2.0 -I/usr/lib64/glib-2.0/include -Xclang -fcolor-diagnostics -pipe -D_FILE_OFFSET_BITS=64 -Wall -Winvalid-pch -Werror -O2 -g -fvisibility=hidden -fno-strict-aliasing -DG_DISABLE_DEPRECATED -Wno-unused -Wmissing-declarations -Wmissing-prototypes -Wredundant-decls -Wundef -Wwrite-strings -Wformat -Wformat-nonliteral -Wformat-security -Wold-style-definition -Winit-self -Wmissing-include-dirs -Waddress -Waggregate-return -Wno-multichar -Wdeclaration-after-statement -Wvla -Wpointer-arith -fPIC -pthread -DHAVE_CONFIG_H -DGST_STATIC_COMPILATION -D_GNU_SOURCE -DG_LOG_DOMAIN=g_log_domain_gstreamer -DGST_DISABLE_DEPRECATED -DBUILDING_GST -MD -MQ gst/libgstreamer-1.0.a.p/gstinfo.c.o -MF gst/libgstreamer-1.0.a.p/gstinfo.c.o.d -o gst/libgstreamer-1.0.a.p/gstinfo.c.o -c ../gst/gstinfo.c
../gst/gstinfo.c:2523:30: error: format string is not a string literal [-Werror,-Wformat-nonliteral]
len = g_vasprintf (result, clean_format, args);
^~~~~~~~~~~~
1 error generated.
[65/455] Compiling C object gst/libgstreamer-1.0.a.p/gstpad.c.o
Which complains about this code block https://gitlab.freedesktop.org/gstreamer/gstreamer/-/blob/80f671207afc4086ca54117a99a51d9b4e750559/gst/gstinfo.c#L2494-2532
/* Need this for _gst_element_error_printf even if GST_REMOVE_DISABLED is set:
* fallback function that cleans up the format string and replaces all pointer
* extension formats with plain %p. */
#ifdef GST_DISABLE_GST_DEBUG
int
__gst_info_fallback_vasprintf (char **result, char const *format, va_list args)
{
gchar *clean_format, *c;
gsize len;
if (format == NULL)
return -1;
clean_format = g_strdup (format);
c = clean_format;
while ((c = strstr (c, "%p\a"))) {
if (c[3] < 'A' || c[3] > 'Z') {
c += 3;
continue;
}
len = strlen (c + 4);
memmove (c + 2, c + 4, len + 1);
c += 2;
}
while ((c = strstr (clean_format, "%P"))) /* old GST_PTR_FORMAT */
c[1] = 'p';
while ((c = strstr (clean_format, "%Q"))) /* old GST_SEGMENT_FORMAT */
c[1] = 'p';
len = g_vasprintf (result, clean_format, args);
g_free (clean_format);
if (*result == NULL)
return -1;
return len;
}
#endif
Of all the configurations we build this is only detected by static (happens with all buildtypes) builds with Clang (only tried 9.0+) while gst_debug
is disabled. Though it would have been expected such code to trigger on every build.
To reproduce its enough to do the following from a gst checkout
export CC=clang
export CXX=clang++
meson _build \
--default-library=static \
-Dgst_debug=false \
-Dwerror=true \
-Dintrospection=disabled \
-Ddoc=disabled
ninja -C _build
Any ideas what to do about this? It seems like we are in the wrong with the string substitution even though we are trying to sanitize it. Although I am a very very novice with C stuff in general.