warning: format not a string literal and no format arguments

后端 未结 3 973
小蘑菇
小蘑菇 2020-11-27 04:27

I want to remove the warning that i get on this line of the code,

FILE *fil;
char *imp;
(...)
fprintf(fil,imp);

the thing is when i do thi

相关标签:
3条回答
  • 2020-11-27 04:30

    This warning is gcc's way of telling you that it cannot verify the format string argument to the printf style function (printf, fprintf... etc). This warning is generated when the compiler can't manually peek into the string and ensure that everything will go as you intend during runtime. Lets look at a couple of examples.

    Case 1. This string can be verified at compile time and the compiler will allow it without warning:

    printf("This string has no format");
    

    Case 2: For this case, the compiler can detect that you have a format specifier and will raise a different warning. On my machine it said "warning: too few arguments for format".

    // This will most probably crash your machine
    printf("Not a safe string to %s"); 
    

    Case 3. Now this is somewhat your case. You are taking a string generated at runtime and trying to print it. The warning you are getting is the compiler warning you that there could be a format specifier in the string. Say for eg "bad%sdata". In this case, the runtime will try to access a non-existent argument to match the %s. Even worse, this could be a user trying to exploit your program (causing it to read data that is not safe to read).

    char str[200];
    scanf("%s", str)
    printf(str)
    
    0 讨论(0)
  • 2020-11-27 04:41

    While technically there's nothing wrong with calling a printf-like function with a string, it is still bad practice because the string may contain format tokens like %s. If imp is %s test for example, bad things will happen.

    If you just want to print the imp without formatting, you should use fputs(imp, fil) (note the reversed arguments).

    0 讨论(0)
  • 2020-11-27 04:42

    I think the accepted answer explained it very well. Basically, as the documentation also indicates, the compiler can not guarantee that the string variable (in this case imp) is a string literal. You may disable this warning if you are not concerened with safety by puting

    #ifdef _WIN32
    #pragma warning (disable : 4774)
    #endif
    

    in the header of your code or in the CMake:

    if (CMAKE_C_COMPILER_ID STREQUAL "MSVC")
      set(CMAKE_C_FLAGS "/wd4774") 
    endif()
    
    0 讨论(0)
提交回复
热议问题