[PATCH] KEYS: trusted: fix -Wvarags warning

Nick Desaulniers ndesaulniers at google.com
Fri Oct 12 17:14:52 UTC 2018


On Fri, Oct 12, 2018 at 9:01 AM James Bottomley <jejb at linux.ibm.com> wrote:
>
> On Fri, 2018-10-12 at 10:53 -0500, Denis Kenzior wrote:
> > Hi James,
> >
> > > >   From the links provided in the patch it seems that one cannot
> > > > pass char/float/short to va_start().  Fair enough.  So if we make
> > > > h3 an unsigned int, the issue goes away, no?
> > >
> > > For the current version of clang, yes.  However, if we're fixing
> > > this for good a char * pointer is the only guaranteed thing because
> > > it mirrors current use in printf.
> > >
> >
> > All right.  I guess I wasn't aware that non-printf like variadic
> > functions are now considered harmful or of the impending crusade
> > against them :)
>
> It's not, it's just a maintainer issue: The original problem is because
> we coded for gcc specifically; it doesn't complain and does the right
> thing, so everyone was happy.  Now Clang comes along and is unhappy
> with this, so the question a good maintainer should ask is "how do I
> fix this so it never comes back again?", not "what's the easiest
> bandaid to get both Clang and gcc to work?" because the latter is how
> we got here in the first place.

Clang is simply pointing out that this is explicitly undefined
behavior by the C90 spec.  As such, not only may the implementation be
different between compilers, but it is free to change between versions
of the same compiler (I haven't witnessed such a case yet in my
limited career, but I would never say never when it comes to relying
on undefined behavior).

>
> James
>
> > But in the context of this patch, can we please use something less
> > invasive than changing all the arguments around?  Promoting h3 to a
> > bool (if possible) or int/unsigned int would get my vote.
> >
> > Regards,
> > -Denis
> >
>


-- 
Thanks,
~Nick Desaulniers



More information about the Linux-security-module-archive mailing list