From: Phil Pennock Date: Sat, 19 May 2012 23:55:15 +0000 (-0400) Subject: PRINTF_FUNCTION -> ALMOST_PRINTF. X-Git-Tag: exim-4_80_RC3~14 X-Git-Url: https://vcs.fsf.org/?p=exim.git;a=commitdiff_plain;h=81f916832dd855953f614ca86a6e4ad898161564 PRINTF_FUNCTION -> ALMOST_PRINTF. WANT_DEEPER_PRINTF_CHECKS guards ALMOST_PRINTF being PRINTF_FUNCTION. Fix some actual issues exposed when I cut down on the spam.
---
diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog
index 620d87114..21f1ec747 100644
--- a/doc/doc-txt/ChangeLog
+++ b/doc/doc-txt/ChangeLog
@@ -129,6 +129,11 @@ PP/29 Fix three issues highlighted by clang analyser static analysis. PP/30 Another attempt to deal with PCRE_PRERELEASE, this one less buggy. +PP/31 %D in printf continues to cause issues (-Wformat=security), so for + now guard some of the printf checks behind WANT_DEEPER_PRINTF_CHECKS. + As part of this, removing so much warning spew let me fix some minor + real issues in debug logging. + Exim version 4.77 -----------------
diff --git a/src/src/config.h.defaults b/src/src/config.h.defaults
index 1e75a1e21..92a4cd348 100644
--- a/src/src/config.h.defaults
+++ b/src/src/config.h.defaults
@@ -167,6 +167,9 @@ it's a default value. */ #define EXPERIMENTAL_SPF #define EXPERIMENTAL_SRS +/* For developers */ +#define WANT_DEEPER_PRINTF_CHECKS + /* Things that are not routinely changed but are nevertheless configurable just in case. */
diff --git a/src/src/deliver.c b/src/src/deliver.c
index 10b63397e..d4ea2d868 100644
--- a/src/src/deliver.c
+++ b/src/src/deliver.c
@@ -1213,7 +1213,7 @@ if (format != NULL) va_start(ap, format); if (!string_vformat(buffer, sizeof(buffer), CS format, ap)) log_write(0, LOG_MAIN|LOG_PANIC_DIE, - "common_error expansion was longer than %d", sizeof(buffer)); + "common_error expansion was longer than " SIZE_T_FMT, sizeof(buffer)); va_end(ap); addr->message = string_copy(buffer); }
diff --git a/src/src/expand.c b/src/src/expand.c
index 70fb32c5e..84167b688 100644
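Review bot: In the config.h.defaults hunk, the new `/* For developers */` comment does not say what `WANT_DEEPER_PRINTF_CHECKS` controls. Leaving it unset removes the printf format attribute from `string_format()` and `string_sprintf()`, through `ALMOST_PRINTF` in mytypes.h. A fuller comment would help, for example `/* For developers: enables printf-format attribute checking on string_format() and string_sprintf(); noisy at present because of %D */`. How this defaults file becomes config.h is not shown in the diff, so the comment should also state whether an ordinary build ends up with the macro defined.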
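Review bot: In the deliver.c hunk, `sizeof(buffer)` is now paired with `SIZE_T_FMT`, whose definition is not part of this diff, so the conversion is only correct if that macro matches `size_t` on every supported ABI. The expand.c and string.c hunks make the same substitution. The argument travels through a variadic call, so a mismatch is undefined behaviour rather than merely a wrong number in the panic log. If the macro cannot be guaranteed everywhere, an explicit cast is a portable fallback: `"common_error expansion was longer than %lu", (unsigned long)sizeof(buffer));`. The enclosing function starts outside the hunk.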
--- a/src/src/expand.c
+++ b/src/src/expand.c
@@ -1527,8 +1527,8 @@ while (last > first) domain = Ustrrchr(s, '@'); if (domain == NULL) return s; if (domain - s > sizeof(var_buffer) - 1) - log_write(0, LOG_MAIN|LOG_PANIC_DIE, "local part longer than %d in " - "string expansion", sizeof(var_buffer)); + log_write(0, LOG_MAIN|LOG_PANIC_DIE, "local part longer than " SIZE_T_FMT + " in string expansion", sizeof(var_buffer)); Ustrncpy(var_buffer, s, domain - s); var_buffer[domain - s] = 0; return var_buffer;
diff --git a/src/src/functions.h b/src/src/functions.h
index 78f095adc..cf8c54fe9 100644
--- a/src/src/functions.h
+++ b/src/src/functions.h
@@ -325,7 +325,7 @@ extern uschar *string_copy_malloc(uschar *); extern uschar *string_copylc(uschar *); extern uschar *string_copynlc(uschar *, int); extern uschar *string_dequote(uschar **); -extern BOOL string_format(uschar *, int, const char *, ...) PRINTF_FUNCTION(3,4); +extern BOOL string_format(uschar *, int, const char *, ...) ALMOST_PRINTF(3,4); extern uschar *string_format_size(int, uschar *); extern int string_interpret_escape(uschar **); extern int string_is_ip_address(uschar *, int *);
diff --git a/src/src/local_scan.h b/src/src/local_scan.h
index 19350bf41..057e4d428 100644
--- a/src/src/local_scan.h
+++ b/src/src/local_scan.h
@@ -188,6 +188,6 @@ extern void smtp_printf(const char *, ...) PRINTF_FUNCTION(1,2); extern void smtp_vprintf(const char *, va_list); extern uschar *string_copy(const uschar *); extern uschar *string_copyn(uschar *, int); -extern uschar *string_sprintf(const char *, ...) PRINTF_FUNCTION(1,2); +extern uschar *string_sprintf(const char *, ...) ALMOST_PRINTF(1,2); /* End of local_scan.h */
diff --git a/src/src/malware.c b/src/src/malware.c
index 890665483..7de913f49 100644
--- a/src/src/malware.c
+++ b/src/src/malware.c
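Review bot: In the expand.c hunk, the length guard before `Ustrncpy(var_buffer, s, domain - s)` has no `return` or `else`, so the copy and the terminator write stay in bounds only if `log_write` with `LOG_PANIC_DIE` never returns, which is presumably the case but is not visible here. A one-line comment such as `/* LOG_PANIC_DIE does not return, so the copy below is bounded */` would record that dependency. The message also reports `sizeof(var_buffer)` while the test rejects anything above `sizeof(var_buffer) - 1`, so the logged limit is one higher than the enforced one. The enclosing function starts and ends outside the hunk.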
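Review bot: In the functions.h hunk, switching `string_format` from `PRINTF_FUNCTION(3,4)` to `ALMOST_PRINTF(3,4)` means the compiler no longer checks its format string against its arguments unless `WANT_DEEPER_PRINTF_CHECKS` is defined. The local_scan.h hunk does the same for `string_sprintf`. The malware.c and spool_mbox.c hunks in this commit fix exactly the kind of mismatch (a non-string pointer passed for `%s`) that format checking exists to catch, so losing it in ordinary builds makes that class of bug easier to reintroduce. I would add a comment beside each prototype, e.g. `/* format checked only with WANT_DEEPER_PRINTF_CHECKS; see mytypes.h */`, and make sure at least one routine developer or CI build defines the macro. If local_scan.h is also included by site-written local_scan() code, those callers lose the check on their own calls as well.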
@@ -1074,7 +1074,7 @@ static int malware_internal(uschar **listptr, uschar *eml_filename, BOOL faking) cmdline_trigger_re = pcre_compile(CS cmdline_trigger, PCRE_COPT, (const char **)&rerror, &roffset, NULL); if (cmdline_trigger_re == NULL) { log_write(0, LOG_MAIN|LOG_PANIC, - "malware acl condition: regular expression error in '%s': %s at offset %d", cmdline_trigger_re, rerror, roffset); + "malware acl condition: regular expression error in '%s': %s at offset %d", cmdline_trigger, rerror, roffset); return DEFER; };
@@ -1092,7 +1092,7 @@ static int malware_internal(uschar **listptr, uschar *eml_filename, BOOL faking) cmdline_regex_re = pcre_compile(CS cmdline_regex, PCRE_COPT, (const char **)&rerror, &roffset, NULL); if (cmdline_regex_re == NULL) { log_write(0, LOG_MAIN|LOG_PANIC, - "malware acl condition: regular expression error in '%s': %s at offset %d", cmdline_regex_re, rerror, roffset); + "malware acl condition: regular expression error in '%s': %s at offset %d", cmdline_regex, rerror, roffset); return DEFER; };
diff --git a/src/src/mytypes.h b/src/src/mytypes.h
index f8a738da6..964abf820 100644
--- a/src/src/mytypes.h
+++ b/src/src/mytypes.h
@@ -37,6 +37,12 @@ the arguments of printf-like functions. This is done by a macro. */ #define ARG_UNUSED /**/ #endif +#ifdef WANT_DEEPER_PRINTF_CHECKS +#define ALMOST_PRINTF(A, B) PRINTF_FUNCTION(A, B) +#else +#define ALMOST_PRINTF(A, B) +#endif + /* Some operating systems (naughtily, imo) include a definition for "uchar" in the standard header files, so we use "uschar". Solaris has u_char in
diff --git a/src/src/spool_mbox.c b/src/src/spool_mbox.c
index 635fb8df1..bdeb2b1a6 100644
--- a/src/src/spool_mbox.c
+++ b/src/src/spool_mbox.c
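Review bot: In the mytypes.h hunk, `ALMOST_PRINTF` is selected by `#ifdef WANT_DEEPER_PRINTF_CHECKS` at the point this header is read, so any translation unit that includes mytypes.h before the header defining that macro gets the empty expansion with no diagnostic. The include order is not visible in this diff, so it needs confirming for every includer, including code that reaches it through local_scan.h. The new block also has no comment. I would add one such as `/* ALMOST_PRINTF: printf-like, but accepts conversions such as %D that trip the compiler's format warnings; checked only when WANT_DEEPER_PRINTF_CHECKS is defined before this header is included */`.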
@@ -56,7 +56,7 @@ FILE *spool_mbox(unsigned long *mbox_file_size, uschar *source_file_override) { mbox_file = modefopen(mbox_path, "wb", SPOOL_MODE); if (mbox_file == NULL) { log_write(0, LOG_MAIN|LOG_PANIC, "%s", string_open_failed(errno, - "scan file %s", mbox_file)); + "scan file %s", mbox_path)); goto OUT; };
@@ -155,7 +155,7 @@ FILE *spool_mbox(unsigned long *mbox_file_size, uschar *source_file_override) { if (Ustat(mbox_path, &statbuf) != 0 || (yield = Ufopen(mbox_path,"rb")) == NULL) { log_write(0, LOG_MAIN|LOG_PANIC, "%s", string_open_failed(errno, - "scan file %s", mbox_file)); + "scan file %s", mbox_path)); goto OUT; };
diff --git a/src/src/string.c b/src/src/string.c
index 9764d3e38..08e604594 100644
--- a/src/src/string.c
+++ b/src/src/string.c
@@ -716,7 +716,7 @@ uschar buffer[STRING_SPRINTF_BUFFER_SIZE]; va_start(ap, format); if (!string_vformat(buffer, sizeof(buffer), format, ap)) log_write(0, LOG_MAIN|LOG_PANIC_DIE, - "string_sprintf expansion was longer than %d", sizeof(buffer)); + "string_sprintf expansion was longer than " SIZE_T_FMT, sizeof(buffer)); va_end(ap); return string_copy(buffer); }
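Review bot: In the second spool_mbox.c hunk, `Ustat(mbox_path, &statbuf)` and `Ufopen(mbox_path,"rb")` resolve the path separately, so `statbuf` can describe a different file from the one `yield` refers to if the path is replaced in between. If `statbuf` feeds the size returned through `mbox_file_size` (not visible in this hunk), opening first and then calling `fstat(fileno(yield), &statbuf)` keeps the two consistent. Both failures also share one `string_open_failed` call, so a failed stat is presumably logged as a failed open. spool_mbox starts and ends outside both hunks.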