GCC 4.0 includes a new warning option, -Wformat-literal, that emits

a warning when a variable is used as a format string for printf()
and similar functions (if the variable is derived from untrusted
data, it could include unexpected formatting sequences). This
emits too many warnings to be enabled by default, but it does
flag a few dubious constructs in the Postgres tree. This patch
fixes up the obvious variants: functions that are passed a variable
format string but no additional arguments.

This patch fixes a bug in pg_dump (triggers with formatting sequences
in their names are not dumped correctly) and some related pg_dump
code that looks dubious; cleanups for more harmless instances have
been applied to more recent branches.

diff --git a/src/bin/pg_dump/pg_backup_archiver.c b/src/bin/pg_dump/pg_backup_archiver.c
index e02d4572fbe56bc811e7821b9058aa5a4612b0f4..4afb011a4cf80d7b523de468f20ef769204567dc 100644 (file)
--- a/src/bin/pg_dump/pg_backup_archiver.c
+++ b/src/bin/pg_dump/pg_backup_archiver.c
@@ -15,7 +15,7 @@
  *
  *
  * IDENTIFICATION
- *             $Header: /cvsroot/pgsql/src/bin/pg_dump/pg_backup_archiver.c,v 1.62.2.5 2004/02/05 22:12:48 tgl Exp $
+ *             $Header: /cvsroot/pgsql/src/bin/pg_dump/pg_backup_archiver.c,v 1.62.2.6 2005/04/30 08:42:17 neilc Exp $
  *
  *-------------------------------------------------------------------------
  */
@@ -331,7 +331,7 @@ RestoreArchive(Archive *AHX, RestoreOptions *ropt)
                                                 * mode with libpq.
                                                 */
                                                if (te->copyStmt && strlen(te->copyStmt) > 0)
-                                                       ahprintf(AH, te->copyStmt);
+                                                       ahprintf(AH, "%s", te->copyStmt);
 
                                                (*AH->PrintTocDataPtr) (AH, te, ropt);
 
@@ -2122,7 +2122,7 @@ _reconnectAsUser(ArchiveHandle *AH, const char *dbname, const char *user)
                appendPQExpBuffer(qry, " %s\n\n",
                                                  fmtId(user));
 
-               ahprintf(AH, qry->data);
+               ahprintf(AH, "%s", qry->data);
 
                destroyPQExpBuffer(qry);
 

diff --git a/src/bin/pg_dump/pg_dump.c b/src/bin/pg_dump/pg_dump.c
index 626b81af9a7b5420fb7e65125934d6d300fae009..159ddb742b3566c048c4332baaaac298d2010df1 100644 (file)
--- a/src/bin/pg_dump/pg_dump.c
+++ b/src/bin/pg_dump/pg_dump.c
@@ -22,7 +22,7 @@
  *
  *
  * IDENTIFICATION
- *       $Header: /cvsroot/pgsql/src/bin/pg_dump/pg_dump.c,v 1.305.2.10 2004/03/02 21:15:15 tgl Exp $
+ *       $Header: /cvsroot/pgsql/src/bin/pg_dump/pg_dump.c,v 1.305.2.11 2005/04/30 08:42:17 neilc Exp $
  *
  *-------------------------------------------------------------------------
  */
@@ -1035,7 +1035,7 @@ dumpClasses_dumpData(Archive *fout, char *oid, void *dctxv)
                                {
                                        if (field > 0)
                                                appendPQExpBuffer(q, ", ");
-                                       appendPQExpBuffer(q, fmtId(PQfname(res, field)));
+                                       appendPQExpBufferStr(q, fmtId(PQfname(res, field)));
                                }
                                appendPQExpBuffer(q, ") ");
                                archprintf(fout, "%s", q->data);
@@ -6292,12 +6292,12 @@ dumpTriggers(Archive *fout, TableInfo *tblinfo, int numTables)
                        if (tgisconstraint)
                        {
                                appendPQExpBuffer(query, "CREATE CONSTRAINT TRIGGER ");
-                               appendPQExpBuffer(query, fmtId(PQgetvalue(res, j, i_tgconstrname)));
+                               appendPQExpBufferStr(query, fmtId(PQgetvalue(res, j, i_tgconstrname)));
                        }
                        else
                        {
                                appendPQExpBuffer(query, "CREATE TRIGGER ");
-                               appendPQExpBuffer(query, fmtId(tgname));
+                               appendPQExpBufferStr(query, fmtId(tgname));
                        }
                        appendPQExpBuffer(query, "\n    ");
                        /* Trigger type */