RFR: 8373474: 2 Unintentional format string defect groups in jabswitch.cpp [v2]
Phil Race
prr at openjdk.org
Mon Dec 22 23:10:51 UTC 2025
On Mon, 22 Dec 2025 22:51:30 GMT, Alexander Zvegintsev <azvegint at openjdk.org> wrote:
>> I see your point. I'll leave it as separated again just in case the string literal is updated with anything that can be misinterpreted as a specifier.
>
>> I don't think it is what Alexander meant.
>
> Damon understood me correctly. That's what I meant.
> https://github.com/openjdk/jdk/pull/28949#discussion_r2640052922
>
>> I am not sure doing the above would even resolve the complaint because there's still no format string.
>
> It should.
>
> before:
> ```c++
> fprintf(origFile, str); // using `str` variable as format string > parfait complains
>
> after:
>
> ```c++
> fprintf(origFile,
> "assistive_technologies=com.sun.java.accessibility.AccessBridge\n"
> "screen_magnifier_present=true\n");
>
> Here, we provide a format string(without the format specifiers), not the variable.
> It's essentially identical to the code on line 301, `printf("Unable to get version info.\n");`, parfait didn't complain about that line.
>
>> if you really want to use the automatic concatenation, but I had to check to be sure it would work so ..
>
> It is in the standard, so I don't see any reason not to use it:
> https://en.cppreference.com/w/cpp/language/string_literal.html#Concatenation
>
> So, in my opinion, the variable str is unnecessary here.
>
> ---
>> just in case the string literal is updated with anything that can be misinterpreted as a specifier.
>
> I suppose it should be detected during the review process for such a change. Currently, there are no format specifiers being used.
OK fair enough.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/28949#discussion_r2641483735
More information about the client-libs-dev
mailing list