Re: Fixes for compiler warnings

On Sunday 18 January 2009 08:28:51 Tom Lane wrote:
> Yeah, the risk this is trying to guard against is variables containing
> "%" unexpectedly.  Even if that's not possible, it requires some work
> to verify and it's a bit fragile.  I didn't look at the specific cases
> yet but in general I think this is a good policy.

-Wformat-security warns about
   printf(var);

but not about
   printf(var, a);

I don't understand that; the crash or exploit potential is pretty much the 
same in both cases.

-Wformat-nonliteral warns about both cases.  We have legitimate code that 
requires this, however.

What would be helpful is a way to individually override the warning for the 
rare code where you know what you are doing.