From f4577a00df264e376595c1aa032195d594f63e43 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Wed, 31 Aug 2016 23:29:00 +0300 Subject: [PATCH] netfilter.c: use literal string for printf format MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit TL;DR: this allows to check if printf argument types are valid. Apparently, gcc is not able to check if the printf arguments are in sync with the format string, it a string is not a literal. This can be seen by compiling the code with -Wformat-nonliteral: CC criu/netfilter.o criu/netfilter.c: In function ‘nf_connection_switch_raw’: criu/netfilter.c:80:4: error: format not a string literal, argument types not checked [-Werror=format-nonliteral] dip, (int)dst_port, sip, (int)src_port); Unfortunately we can't just add -Wformat-nonliteral to CFLAGS as there is at least one other place in the code what uses non-literal string as a format string for printf-like function. In this very case, though, there is no need to use a non-literal, so change it to a define. Signed-off-by: Kir Kolyshkin Signed-off-by: Pavel Emelyanov --- criu/netfilter.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/criu/netfilter.c b/criu/netfilter.c index ab01535a6..bb64148b3 100644 --- a/criu/netfilter.c +++ b/criu/netfilter.c @@ -21,8 +21,8 @@ static char buf[512]; * ANy brave soul to write it using xtables-devel? */ -static const char *nf_conn_cmd = "%s %s -t filter %s %s --protocol tcp " - "--source %s --sport %d --destination %s --dport %d -j DROP"; +#define NF_CONN_CMD "%s %s -t filter %s %s --protocol tcp " \ + "--source %s --sport %d --destination %s --dport %d -j DROP" static char iptable_cmd_ipv4[] = "iptables"; static char iptable_cmd_ipv6[] = "ip6tables"; @@ -73,7 +73,7 @@ static int nf_connection_switch_raw(int family, u32 *src_addr, u16 src_port, return -1; } - snprintf(buf, sizeof(buf), nf_conn_cmd, cmd, + snprintf(buf, sizeof(buf), NF_CONN_CMD, cmd, kdat.has_xtlocks ? "-w" : "", lock ? "-A" : "-D", input ? "INPUT" : "OUTPUT",