mesa: prevent common string formatting security issues

Adds a compile-time error for obvious security issues like:

  printf(string_var);

The proposed flag is more tolerant than -Wformat-nonliteral.
Specifically, it tolerates common mesa formatting like:

  static const char *shader_template = "really long string %d";
  printf(shader_template, uniform_number);

Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=110833
Reviewed-by: Eric Anholt <eric@anholt.net>
Reviewed-by: Eric Engestrom <eric@engestrom.ch>

diff --git a/meson.build b/meson.build
index 1d32d909c95ed7152edd46c4a4210b28b019dda3..949ab9700892a7cb4bad9be0e72b18fee83de5c1 100644 (file)
--- a/meson.build
+++ b/meson.build
@@ -849,6 +849,8 @@ c_args = []
 foreach a : ['-Werror=implicit-function-declaration',
              '-Werror=missing-prototypes', '-Werror=return-type',
              '-Werror=incompatible-pointer-types',
+             '-Werror=format',
+             '-Wformat-security',
              '-fno-math-errno',
              '-fno-trapping-math', '-Qunused-arguments']
   if cc.has_argument(a)
@@ -870,6 +872,8 @@ endif
 # Check for generic C++ arguments
 cpp_args = []
 foreach a : ['-Werror=return-type',
+             '-Werror=format',
+             '-Wformat-security',
              '-fno-math-errno', '-fno-trapping-math',
              '-Qunused-arguments']
   if cpp.has_argument(a)