enforce use of G_GNUC_PRINTF attributes

We've been very gradually adding G_GNUC_PRINTF annotations
to functions over years. This has been useful in detecting
certain malformed printf strings, or cases where we pass
user data as the printf format which is a potential security
flaw.

Given the inherant memory corruption danger in use of format
strings vs mis-matched variadic arguments, it is worth applying
G_GNUC_PRINTF to all functions using printf, even if we know
they are safe.

The compilers can reasonably reliably identify such places
with the -Wsuggest-attribute=format / -Wmissing-format-attribute
flags.

Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Message-Id: <20221219130205.687815-7-berrange@redhat.com>
[-Wsuggest-attribute=format and -Wmissing-format-attribute are
 synonyms, only include one; disable it for testfloat. - Paolo]
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

2 files changed, 2 insertions, 0 deletions

diff --git a/configure b/configure
index 6f5e77a..643aed7 100755
--- a/configure
+++ b/configure
@@ -1183,6 +1183,7 @@ add_to warn_flags -Wnested-externs
 add_to warn_flags -Wendif-labels
 add_to warn_flags -Wexpansion-to-defined
 add_to warn_flags -Wimplicit-fallthrough=2
+add_to warn_flags -Wmissing-format-attribute
 
 nowarn_flags=
 add_to nowarn_flags -Wno-initializer-overrides
diff --git a/tests/fp/meson.build b/tests/fp/meson.build
index 6258e2b..312a4d3 100644
--- a/tests/fp/meson.build
+++ b/tests/fp/meson.build
@@ -37,6 +37,7 @@ tfcflags = [
   '-Wno-missing-prototypes',
   '-Wno-return-type',
   '-Wno-unused-function',
+  '-Wno-missing-format-attribute',
   '-Wno-error',
 ]