On 2026-07-02 01:25, Syed Abdul Khaliq via tz wrote:
- sprintf(abbr, format, letters); + /* Expand FORMAT's lone "%s" (see inzsub) without treating + FORMAT, which comes from zone data, as a printf format string. */ + cp = strchr(format, '%'); + if (cp) { + char *dp = mempcpy(abbr, format, cp - format); + dp = mempcpy(dp, letters, strlen(letters)); + strcpy(dp, cp + 2); + } else + strcpy(abbr, format);
This doesn't fix any bugs, right? It merely pacifies 'gcc -Wformat=2 -Wformat-nonliteral'. That is, as I understand it, no matter what input the user supplies, the format contains at most one '%' byte and it's immediately followed by an 's' byte. Even if we have a multi-byte encoding in which a trailing byte of a character contains '%' (and although allowed by ISO C, I don't know of any real-world encodings that do that), as far as I can see no format can cause sprintf to overflow the output buffer. If so, I'm puzzled as to why the patch is useful. By my count there are eight other false positives in tzcode, i.e., places where 'gcc -Wformat=2 -Wformat-nonliteral' complains. This suggests that it's better to not use -Wformat-nonliteral. Complicating the code (as in the above) seems like a net loss by comparison.