RFR: 8373474: 2 Unintentional format string defect groups in jabswitch.cpp [v2]

Alexey Ivanov aivanov at openjdk.org
Tue Dec 23 17:23:12 UTC 2025 

On Mon, 22 Dec 2025 23:07:19 GMT, Phil Race <prr at openjdk.org> wrote:

>>> I don't think it is what Alexander meant.
>> 
>> Damon understood me correctly. That's what I meant.
>> https://github.com/openjdk/jdk/pull/28949#discussion_r2640052922
>> 
>>> I am not sure doing the above would even resolve the complaint because there's still no format string.
>> 
>> It should.
>> 
>> before:
>> ```c++
>> fprintf(origFile, str); // using `str` variable as format string > parfait complains
>> 
>> after:
>> 
>> ```c++
>>   fprintf(origFile,
>>       "assistive_technologies=com.sun.java.accessibility.AccessBridge\n"
>>       "screen_magnifier_present=true\n"); 
>> 
>> Here, we provide a format string(without the format specifiers), not the variable.
>> It's essentially identical to the code on line 301, `printf("Unable to get version info.\n");`, parfait didn't complain about that line.
>> 
>>> if you really want to use the automatic concatenation, but I had to check to be sure it would work so ..
>> 
>> It is in the standard, so I don't see any reason not to use it:
>> https://en.cppreference.com/w/cpp/language/string_literal.html#Concatenation
>> 
>> So, in my opinion, the variable str is unnecessary here.
>> 
>> ---
>>>  just in case the string literal is updated with anything that can be misinterpreted as a specifier.
>> 
>> I suppose it should be detected during the review process for such a change. Currently, there are no format specifiers being used.
>
> OK fair enough.

Why can't we use [`fputs`](https://en.cppreference.com/w/c/io/fputs.html)?


                fputs("assistive_technologies=com.sun.java.accessibility.AccessBridge\n"
                      "screen_magnifier_present=true\n",
                      origFile);

No format strings avoid any possible ambiguity and it's much faster as the string is output verbatim without any additional logic to parse a format string and to process the arguments.

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/28949#discussion_r2643826617

More information about the client-libs-dev mailing list