jio_snprintf and associated functions take format strings and arguments, but are not annotated as format functions in jvm.h, so the validation performed by gcc's -Wformat is not applied to them. They have the associated attributes on the definitions in the .cpp file, but that's fairly useless, since callers only see the declarations in jvm.h.
HotSpot code can (as of JDK-8196882) instead use os::snprintf and friends, which have the associated attributes declared in os.hpp. It may be that HotSpot code should prefer the os functions.
However, that doesn't help non-HotSpot code that really does need to use the jio_ functions. And jvm.h doesn't seem to have the kind of platform-dependency layer that allows HotSpot to conditionally provide those attributes.
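The declaration-side annotation described above, sketched as an added example (not code from jvm.h or the JDK). The `DEMO_ATTRIBUTE_PRINTF` macro and all `demo_` functions are hypothetical names; the macro stands in for the kind of platform-dependency layer the report says jvm.h lacks.

```c
#include <stdarg.h>
#include <stddef.h>
#include <stdio.h>

/* Platform layer: expands to the GCC/Clang attribute, or to nothing elsewhere. */
#if defined(__GNUC__) || defined(__clang__)
#define DEMO_ATTRIBUTE_PRINTF(fmt, vargs) __attribute__((format(printf, fmt, vargs)))
#else
#define DEMO_ATTRIBUTE_PRINTF(fmt, vargs)
#endif

/* --- Shared header part: these declarations are what callers compile against. --- */
int demo_vsnprintf(char *str, size_t count, const char *fmt, va_list args)
    DEMO_ATTRIBUTE_PRINTF(3, 0);   /* 0: va_list form, only the format string is checked */
int demo_snprintf(char *str, size_t count, const char *fmt, ...)
    DEMO_ATTRIBUTE_PRINTF(3, 4);   /* format is argument 3, varargs start at argument 4 */

/* --- Implementation file part: an attribute placed only here is invisible to callers. --- */
int demo_vsnprintf(char *str, size_t count, const char *fmt, va_list args) {
    return vsnprintf(str, count, fmt, args);
}

int demo_snprintf(char *str, size_t count, const char *fmt, ...) {
    va_list args;
    va_start(args, fmt);
    int len = demo_vsnprintf(str, count, fmt, args);
    va_end(args);
    return len;
}

/* A caller, as it would appear in some other translation unit. */
int demo_format_pid(char *buf, size_t buflen, long pid) {
    /* With the attribute on the declaration, gcc -Wformat flags the mismatched
       call below (%d given a long); without it, the call compiles silently:
       return demo_snprintf(buf, buflen, "pid=%d", pid); */
    return demo_snprintf(buf, buflen, "pid=%ld", pid);
}

int main(void) {
    char buf[32];
    int n = demo_format_pid(buf, sizeof buf, 4242L);
    printf("%d bytes: %s\n", n, buf);
    return 0;
}
```

Compiling with `gcc -Wformat` after swapping in the commented-out call shows the diagnostic that is missing when the attribute sits only on the definition.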
- relates to: JDK-5097226 Audit use of OS strings in native code for decoding errors (Open)
- links to: Review openjdk/jdk/15918