let the compiler check format strings

i'll be AFK for a week, so here's the patch i've been using this
evening to find other format string mistakes. BSD uses __printflike
and takes two arguments instead of hard-coding (1,2), but i figured
that as long as you don't need the generality you'd prefer not to have
it. and it's easy enough to retrofit if we ever do have a formatting
function that takes other arguments.

diff --git a/lib/lib.h b/lib/lib.h
index a659b69..a183fd5 100644 (file)
--- a/lib/lib.h
+++ b/lib/lib.h
@@ -88,8 +88,8 @@ void *xzalloc(size_t size);
 void *xrealloc(void *ptr, size_t size);
 char *xstrndup(char *s, size_t n);
 char *xstrdup(char *s);
-char *xmprintf(char *format, ...);
-void xprintf(char *format, ...);
+char *xmprintf(char *format, ...) printf_format;
+void xprintf(char *format, ...) printf_format;
 void xputs(char *s);
 void xputc(char c);
 void xflush(void);
@@ -132,10 +132,10 @@ char *xtzset(char *new);
 
 // lib.c
 void verror_msg(char *msg, int err, va_list va);
-void error_msg(char *msg, ...);
-void perror_msg(char *msg, ...);
-void error_exit(char *msg, ...) noreturn;
-void perror_exit(char *msg, ...) noreturn;
+void error_msg(char *msg, ...) printf_format;
+void perror_msg(char *msg, ...) printf_format;
+void error_exit(char *msg, ...) printf_format noreturn;
+void perror_exit(char *msg, ...) printf_format noreturn;
 ssize_t readall(int fd, void *buf, size_t len);
 ssize_t writeall(int fd, void *buf, size_t len);
 off_t lskip(int fd, off_t offset);

diff --git a/lib/portability.h b/lib/portability.h
index 70e33bf..809f376 100644 (file)
--- a/lib/portability.h
+++ b/lib/portability.h
@@ -11,8 +11,10 @@
 
 #ifdef __GNUC__
 #define noreturn       __attribute__((noreturn))
+#define printf_format  __attribute__((format(printf, 1, 2)))
 #else
 #define noreturn
+#define printf_format
 #endif
 
 // Always use long file support.