Enable format string warnings for vb2ex_printf()
This patch enables the -Wformat warning and tags vb2ex_printf() with the
appropriate attribute so the compiler recognizes it as a printf variant.
This shows a bunch of (sometimes pretty bad) issues in existing code
that are hereby fixed.
Cannot enable -Wformat-security yet since a lot of code still uses
non-constant format strings and it's unclear whether we can/want to
change that in all circumstances (e.g. stuff like DoError()).
BRANCH=None
BUG=None
TEST=make runtests
Change-Id: I917a4982a97a668a5c0f793f7c771573f2bd3949
Signed-off-by: Julius Werner <jwerner@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2013857
diff --git a/Makefile b/Makefile
index b12029e..0c075e0 100644
--- a/Makefile
+++ b/Makefile
@@ -142,7 +142,7 @@
-Wundef -Wmissing-prototypes -Wno-trigraphs -Wredundant-decls -Wshadow \
-Wwrite-strings -Wstrict-aliasing -Wdate-time -Wno-unknown-warning \
-Wno-address-of-packed-member -ffunction-sections -fdata-sections \
- -Wimplicit-fallthrough ${DEBUG_FLAGS}
+ -Wimplicit-fallthrough -Wformat -Wno-format-security ${DEBUG_FLAGS}
# Note: FIRMWARE_ARCH is defined by the Chromium OS ebuild.
ifeq (${FIRMWARE_ARCH},arm)
diff --git a/firmware/2lib/include/2api.h b/firmware/2lib/include/2api.h
index 52e5a4a..e8ce89d 100644
--- a/firmware/2lib/include/2api.h
+++ b/firmware/2lib/include/2api.h
@@ -804,6 +804,7 @@
* @param func Function name generating output, or NULL.
* @param fmt Printf format string
*/
+__attribute__((format(printf, 2, 3)))
void vb2ex_printf(const char *func, const char *fmt, ...);
/**
diff --git a/futility/cmd_sign.c b/futility/cmd_sign.c
index 109287c..c69f712 100644
--- a/futility/cmd_sign.c
+++ b/futility/cmd_sign.c
@@ -223,7 +223,7 @@
fprintf(stderr, "Unable to sign kernel blob\n");
return 1;
}
- VB2_DEBUG("vblock_size = 0x%" PRIx64 "\n", vblock_size);
+ VB2_DEBUG("vblock_size = %#x\n", vblock_size);
if (sign_option.create_new_outfile) {
/* Write out what we've been asked for */
diff --git a/futility/file_type_bios.c b/futility/file_type_bios.c
index 9d45269..7e805f5 100644
--- a/futility/file_type_bios.c
+++ b/futility/file_type_bios.c
@@ -467,7 +467,7 @@
state.area[c].buf = buf + ah->area_offset;
state.area[c].len = ah->area_size;
- VB2_DEBUG("%s() examining FMAP area %d (%s),"
+ VB2_DEBUG("examining FMAP area %d (%s),"
" offset=0x%08x len=0x%08x\n",
c, ah_name, ah->area_offset, ah->area_size);
diff --git a/futility/file_type_rwsig.c b/futility/file_type_rwsig.c
index c5616e5..bcccb2d 100644
--- a/futility/file_type_rwsig.c
+++ b/futility/file_type_rwsig.c
@@ -112,7 +112,7 @@
sig_size = fmaparea->area_size;
- VB2_DEBUG("Looking for signature at %#x (%#x)\n",
+ VB2_DEBUG("Looking for signature at %#tx (%#x)\n",
(uint8_t*)sig - buf, sig_size);
if (VB2_SUCCESS != vb21_verify_signature(sig, sig_size))
@@ -235,7 +235,7 @@
sig_size = fmaparea->area_size;
- VB2_DEBUG("Looking for signature at %#x (%#x)\n",
+ VB2_DEBUG("Looking for signature at %#tx (%#x)\n",
(uint8_t*)old_sig - buf, sig_size);
data = fmap_find_by_name(buf, len, fmap, "EC_RW",
diff --git a/futility/file_type_usbpd1.c b/futility/file_type_usbpd1.c
index 8065041..42cb62c 100644
--- a/futility/file_type_usbpd1.c
+++ b/futility/file_type_usbpd1.c
@@ -95,7 +95,7 @@
uint32_t rw_offset;
uint32_t r;
- VB2_DEBUG("%s(): name %s len 0x%08x (%d)\n", name, len, len);
+ VB2_DEBUG("name %s len %#.8x (%d)\n", name, len, len);
/* Get image locations */
if (!parse_size_opts(len, &ro_size, &rw_size, &ro_offset, &rw_offset))
diff --git a/futility/vb1_helper.c b/futility/vb1_helper.c
index 7439182..cdc3925 100644
--- a/futility/vb1_helper.c
+++ b/futility/vb1_helper.c
@@ -185,8 +185,8 @@
}
kernel32_size = kernel_size - kernel32_start;
- VB2_DEBUG(" kernel16_start=0x%" PRIx64 "\n", 0);
- VB2_DEBUG(" kernel16_size=0x%" PRIx64 "\n", kernel32_start);
+ VB2_DEBUG(" kernel16_start=%#x\n", 0);
+ VB2_DEBUG(" kernel16_size=%#x\n", kernel32_start);
/* Copy the original zeropage data from kernel_buf into
* g_param_data, then tweak a few fields for our purposes */
@@ -221,8 +221,8 @@
break;
}
- VB2_DEBUG(" kernel32_start=0x%" PRIx64 "\n", kernel32_start);
- VB2_DEBUG(" kernel32_size=0x%" PRIx64 "\n", kernel32_size);
+ VB2_DEBUG(" kernel32_start=%#x\n", kernel32_start);
+ VB2_DEBUG(" kernel32_size=%#x\n", kernel32_size);
/* Keep just the 32-bit kernel. */
if (kernel32_size) {
@@ -461,7 +461,7 @@
FILE *f;
/* Write the output file */
- VB2_DEBUG("writing %s with 0x%" PRIx64 ", 0x%" PRIx64 "\n",
+ VB2_DEBUG("writing %s with %#x, %#x\n",
outfile, part1_size, part2_size);
f = fopen(outfile, "wb");
@@ -674,7 +674,7 @@
* devices.
*/
g_kernel_blob_size = roundup(g_kernel_blob_size, CROS_ALIGN);
- VB2_DEBUG("g_kernel_blob_size 0x%" PRIx64 "\n", g_kernel_blob_size);
+ VB2_DEBUG("g_kernel_blob_size %#x\n", g_kernel_blob_size);
/* Allocate space for the blob. */
g_kernel_blob_data = malloc(g_kernel_blob_size);
@@ -682,22 +682,22 @@
/* Assign the sub-pointers */
g_kernel_data = g_kernel_blob_data + now;
- VB2_DEBUG("g_kernel_size 0x%" PRIx64 " ofs 0x%" PRIx64 "\n",
+ VB2_DEBUG("g_kernel_size %#x ofs %#x\n",
g_kernel_size, now);
now += roundup(g_kernel_size, CROS_ALIGN);
g_config_data = g_kernel_blob_data + now;
- VB2_DEBUG("g_config_size 0x%" PRIx64 " ofs 0x%" PRIx64 "\n",
+ VB2_DEBUG("g_config_size %#x ofs %#x\n",
g_config_size, now);
now += g_config_size;
g_param_data = g_kernel_blob_data + now;
- VB2_DEBUG("g_param_size 0x%" PRIx64 " ofs 0x%" PRIx64 "\n",
+ VB2_DEBUG("g_param_size %#x ofs %#x\n",
g_param_size, now);
now += g_param_size;
g_bootloader_data = g_kernel_blob_data + now;
- VB2_DEBUG("g_bootloader_size 0x%" PRIx64 " ofs 0x%" PRIx64 "\n",
+ VB2_DEBUG("g_bootloader_size %#x ofs %#x\n",
g_bootloader_size, now);
g_ondisk_bootloader_addr = kernel_body_load_address + now;
VB2_DEBUG("g_ondisk_bootloader_addr 0x%" PRIx64 "\n",
@@ -706,14 +706,14 @@
if (g_vmlinuz_header_size) {
g_vmlinuz_header_data = g_kernel_blob_data + now;
- VB2_DEBUG("g_vmlinuz_header_size 0x%" PRIx64 " ofs 0x%" PRIx64 "\n",
+ VB2_DEBUG("g_vmlinuz_header_size %#x ofs %#x\n",
g_vmlinuz_header_size, now);
g_ondisk_vmlinuz_header_addr = kernel_body_load_address + now;
VB2_DEBUG("g_ondisk_vmlinuz_header_addr 0x%" PRIx64 "\n",
g_ondisk_vmlinuz_header_addr);
}
- VB2_DEBUG("end of kern_blob at kern_blob+0x%" PRIx64 "\n", now);
+ VB2_DEBUG("end of kern_blob at kern_blob+%#x\n", now);
/* Copy the kernel and params bits into the correct places */
if (0 != PickApartVmlinuz(vmlinuz_buf, vmlinuz_size,
