+++ This bug was initially created as a clone of Bug #97357 +++
Bug #97357 specifically disables -Wsuggest-attribute warnings.
When I added the suggested attributes, I found a possible security vulnerability (Bug #98157) and some other bugs.
We should enable these compiler warnings, and let the compiler help us.
Testing <https://github.com/smcv/dbus/tree/suggest-attribute> on Travis-CI.
Some of these patches assume that the patches from Bug #97357 are applied first.
Created attachment 127185 [details] [review]
_dbus_listen_tcp_socket: correct format string
res is an integer, not a string.
Bug found by adding more _DBUS_GNUC_PRINTF attributes.
Created attachment 127186 [details] [review]
dbus_signature_validate: be sure to use a literal format string
This was not a security vulnerability because
_dbus_validity_to_error_message() doesn't return anything containing
"%", but the compiler can't know that.
Found by adding more _DBUS_GNUC_PRINTF attributes.
Created attachment 127187 [details] [review]
dbus-nonce: print sockets correctly
Since early 2015, a DBusSocket has been a struct containing either
an int or a pointer-sized Windows SOCKET. Print them with
"%" DBUS_SOCKET_FORMAT and _dbus_socket_printable().
Created attachment 127188 [details] [review]
Print errors parsing match rules correctly
Not an exploitable vulnerability, just incorrect output.
Created attachment 127189 [details] [review]
Print XML parse errors correctly
Created attachment 127190 [details] [review]
dbus-file-win: print a HANDLE correctly
HANDLEs are pointers, not integers.
Created attachment 127191 [details] [review]
dbus-launch-x11: print a window ID portably
On LP64 platforms, a Window is unsigned long.
Created attachment 127192 [details] [review]
test-privserver: avoid -Wformat-security
This is not a security vulnerability because it's test code that
should never be compiled in production.
Created attachment 127193 [details] [review]
test-segfault: mark exception_handler as NORETURN
It calls ExitProcess(), which is correctly detected as not returning.
Created attachment 127194 [details] [review]
Enable format, noreturn, unused attributes for clang
I'm assuming here that any version of clang will be new enough to
understand gcc 2.4 features, which seems rather safe.
Created attachment 127195 [details] [review]
Add missing format attributes suggested by -Wsuggest-attribute=format
Created attachment 127196 [details] [review]
Add missing function attributes suggested by clang (but not by gcc)
clang is a little more enthusiastic about suggesting these.
Created attachment 127197 [details] [review]
Configure the compiler to suggest useful function attributes
Requires Attachment #127179 [details] from Bug #97357.
Timed out, pushed unreviewed for 1.11.8. Please revert anything that is problematic.