Attribute "format printf" ignored

Rules and Languages Report False-positive / False-negative...
1

In the code base of one of our applications, written in C, we declare and define a function that uses variable arguments and ellipsis notation:

void xxx_message_dom(int dom, int user, int log, LogType type, int fatal, char const *format, …);

As expected, SonarQube signals a code smell due to the rule c:S923, that discourages the use of ellipsis notation since it bypasses the type checking performed by the compiler.
What I do not understand is why SonarQube does not recognize the ‘format’ attribute we attached to the function.

void xxx_message_dom(int dom, int user, int log, LogType type, int fatal, char const *format, …) attribute((format (printf, 6, 7)));

This attribute tells the compiler where to perform type checking and I can confirm that it works as expected in case of type mismatch with the format string (it prints the appropriate warnings).

IMHO the analysis should take this into account.

2

Hi,

For this false-negative report we need a few more details. I’ve moved this topic to the “Report False-positive / False-negative” category, and I need you to address the questions in that category’s topic template:

 
Thx,
Ann

3
  • What language is this for?

C

  • Which rule?

c:S923

  • Why do you believe it’s a false-positive/false-negative?

Because attribute((format (printf, 6, 7))) ; tells the compiler to perform type checking and it has been proven to be effective.

  • Are you using
    • SonarQube Cloud?
    • SonarQube Server / Community Build - which version?
    • SonarQube for IDE - which IDE/version?
      • in connected mode with SonarQube Server / Community Build or SonarQube Cloud?

I am using SonarQube for Visual Studio Code, but not in connected mode (since SonarQube Server is set to operate on another branch).

  • How can we reproduce the problem? Give us a self-contained snippet of code (formatted text, no screenshots)

In test.h declare:

void xxx_message_dom (int dom, int user, int log, int type, int fatal, char const *format, … ) attribute((format (printf, 6, 7))) ;

In test.c define and use:

void xxx_message_dom (int dom, int user, int log, int type, int fatal, char const *format, … )
{
  va_list ap;

  // Insert something here to make use of dom, user, log, type, and fatal
  // so that SonarQube do not complain about unused arguments.

  va_start(ap, format);
  vprintf(format, ap);
  va_end(ap);
}
4

Hi,

Thanks for these details!

What’s your SonarQube for VSCode version? And if it’s not 4.26, can you upgrade and make sure this is still replicable?

 
Thx,
Ann

5

The SonarQube for Visual Studio Code in use is the 4.26.0.
I actually compile wrapping the make process with the build wrapper v6.62.

1 Like
7

Hi,

Thanks for the details! I’ve flagged this for the language experts.

 
Ann

9

Hi @lorenzo.buzzi,

We agree that we should exclude from the C version of the rule functions that are decorated in a way that allows compilers to detect argument mismatch. I created a ticket to add this exclusion.

Since such decoration is compiler-specific, and since the language provided better alternatives, we still intend to report such code for C++. Let us know what you think of that.

11

Hi @JolyLoic and thank you for your prompt answer.

I agree 100%.

1 Like