6
#include <stdio.h>

int main() {
  printf("Enter your name\n");
  char name[99];
  scanf("%d", name);
  printf("Hello %s\n", name);
}

While executing this simple program I mistakenly used %d instead of %s. But when I compiled the code using gcc, it didn't display any warnings. It simply created an output file.

$ gcc greet.c
$ ls
greet.c a.out
$ 

Whereas compiling this code with clang does display warnings. I am quite certain that gcc should have displayed warnings just like clang did without passing any arguments.
I recently switched from Ubuntu to Debian and I don't know if this is due to some missing dependency.

Some additional information

GCC version : gcc (Debian 8.3.0-6) 8.3.0
OS : Debian 10 (Buster)

1 Answer

13

On GCC, format string checks are controlled by -Wformat, which isn’t enabled by default.

Building your code with -Wformat (or -Wall, which includes it) does warn:

$ gcc -Wformat    630368.c   -o 630368
630368.c: In function ‘main’:
630368.c:6:16: warning: format ‘%d’ expects argument of type ‘int *’, but argument 2 has type ‘char *’ [-Wformat=]
        scanf("%d", name);
               ~^   ~~~~
               %hhd

(with GCC 8), or

$ gcc -Wformat    630368.c   -o 630368
630368.c: In function ‘main’:
630368.c:6:16: warning: format ‘%d’ expects argument of type ‘int *’, but argument 2 has type ‘char *’ [-Wformat=]
    6 |        scanf("%d", name);
      |               ~^   ~~~~
      |                |   |
      |                |   char *
      |                int *
      |               %hhd

(with GCC 10).

Ubuntu ships GCC with custom specs which enable -Wformat by default; see gcc -dumpspecs:

*distro_defaults:
%{!fno-asynchronous-unwind-tables:-fasynchronous-unwind-tables} %{!fno-stack-protector:%{!fstack-protector-all:%{!ffreestanding:%{!nostdlib:%{!fstack-protector:-fstack-protector-strong}}}}} %{!Wformat:%{!Wformat=2:%{!Wformat=0:%{!Wall:-Wformat} %{!Wno-format-security:-Wformat-security}}}} %{!fno-stack-clash-protection:-fstack-clash-protection} %{!fcf-protection*:%{!fno-cf-protection:-fcf-protection}}

(in particular %{!Wformat:%{!Wformat=2:%{!Wformat=0:%{!Wall:-Wformat} %{!Wno-format-security:-Wformat-security}}}}).

6
  • Is there a way to add those dumpspecs in Debian as well? Commented Jan 22, 2021 at 8:36
  • 3
    You can copy the Ubuntu specs to a file, and tell gcc to use that with -specs=/path/to/ubuntu.specs, but that’s no easier than specifying -Wall or -Wformat. To change the default specs, you’d have to rebuild the GCC packages. Alternatively, export CFLAGS=-Wall CXXFLAGS=-Wall and always build with make’s built-in rules... Commented Jan 22, 2021 at 8:51
  • 3
    "Is there a way to add those dumpspecs in Debian as well?" - I would recommend that you don't; the default for gcc (almost everywhere) is very few warnings. You should use -Wall in your build procedure, to ensure the warnings are enabled, even if you reinstall, move distros, build your code on another computer, give someone else your code, etc. Also -Wall doesn't just enable these format warnings, it also enables many other essential warnings. Basically, with gcc (and most other C compilers), I consider -Wall non-optional. Or even -Werror. Commented Jan 22, 2021 at 22:18
  • 3
    You can just put it in /usr/lib/gcc/x86_64-linux-gnu/10/specs if you want it used by default (though distributions frown upon touching files there). But yes, as a developer, you should always use -Wall (possibly minus a few bad ones). Commented Jan 22, 2021 at 23:12
  • @StephenKitt Debian does not ship a specs file, the default settings are hardcoded in the binary, so it is rather unlikely that your file would be overwritten. I would be more scared of adding broken specs that prevent dkms from building kernel modules properly next time the kernel is updated. For that, a script ~/bin/gcc which calls gcc with your favorite options seems much safer, since it is only used by this user. Commented Jan 23, 2021 at 13:28
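
A per-user wrapper of the kind suggested in the last comment, written to mirror the -Wformat portion of the Ubuntu spec quoted in the answer. This is an added example, not code from the answer, its comments, or either distribution; the names REAL_GCC and format_defaults and the /usr/bin/gcc path are assumptions.

```shell
#!/bin/sh
# Added example, not from the page. Install as ~/bin/gcc with ~/bin ahead of
# /usr/bin in PATH. REAL_GCC is an assumed location for the system compiler.
REAL_GCC=${REAL_GCC:-/usr/bin/gcc}

# Print the flags Ubuntu's spec fragment would add for the given arguments:
#   %{!Wformat:%{!Wformat=2:%{!Wformat=0:
#       %{!Wall:-Wformat} %{!Wno-format-security:-Wformat-security}}}}
format_defaults() {
    explicit=0; wall=0; nosec=0
    for arg in "$@"; do
        case $arg in
            -Wformat|-Wformat=2|-Wformat=0) explicit=1 ;;
            -Wall)                          wall=1 ;;
            -Wno-format-security)           nosec=1 ;;
        esac
    done
    out=
    if [ "$explicit" -eq 0 ]; then
        # The caller expressed no -Wformat level, so apply the defaults.
        if [ "$wall" -eq 0 ]; then out="-Wformat"; fi
        if [ "$nosec" -eq 0 ]; then out="${out:+$out }-Wformat-security"; fi
    fi
    printf '%s\n' "$out"
}

# Act as the compiler only when invoked under the name "gcc", so the file can
# also be sourced or run under another name without starting a compile.
if [ "${0##*/}" = gcc ]; then
    # Defaults go first so options on the command line still override them.
    # shellcheck disable=SC2046  # word splitting of the flag list is intended
    exec "$REAL_GCC" $(format_defaults "$@") "$@"
fi
```

Because the wrapper only applies to the account whose PATH includes it, system builds such as dkms keep using the unmodified compiler.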
