[root6] TString.Form: warning: format string is not a string literal

Hello,

I have a small function to make plots from a TTree:
void drawHist(TChain* chain, const char* variable, .. )

in which I also construct from the variable to make the fileName String, something like

 //...
 TString epsName;
 epsName.Form(variable);
 epsName += ".eps";
 //...

This works perfectly with root5, but now with root6, it always complains:

18: warning: format string is not a string literal (potentially insecure) [-Wformat-security]
epsName.Form(variable);
^~~~~~~~
…C:107:18: note: treat the string as an argument to avoid this
epsName.Form(variable);
^
"%s",

I know what it means, but is it possible to fix this centrally? From the TString I see what I am doing is valid:
void Form(const char* fmt)

Thanks a lot!

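#include "TString.h"   // TString and the global Form() helper
#include <iostream>

void str( const char* variable) {
   TString epsName;
   // The format string is a literal; variable is only data for %s
   epsName = Form("%s.eps",variable);
   std::cout  << epsName.Data() << std::endl;
}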
$ root
   -----------------------------------------------------------------
  | Welcome to ROOT 6.13/01                     http://root.cern.ch |
  |                                    (c) 1995-2017, The ROOT Team |
  | Built for macosx64                                              |
  | From heads/master@v6-11-02-1137-g46afbaa, Dec 12 2017, 11:20:56 |
  | Try '.help', '.demo', '.license', '.credits', '.quit'/'.q'      |
   -----------------------------------------------------------------

root [0] .x str.C("file")
file.eps
root [1] 

Where did you get the Form signature from?
From TString

void Form(const char *va_(fmt), ...)
Formats a string using a printf style format descriptor.

So you have removed the “…” from the argument list. Form is like printf, i.e. it parses your input. In your case, it will fail as soon as you have a percent sign (%) in your variable.

I guess you do not need Form at all. Just use

TString epsName = variable;
epsName += ".eps";

(or similar code)
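
The point made in the reply above (Form parses its first argument like printf), as an added example that is not part of the original thread. It uses std::snprintf as a stand-in for TString::Form so it compiles without ROOT; countDirectives and epsNameSafe are hypothetical helper names and the sample variable names are constructed.

```cpp
#include <cstddef>
#include <cstdio>
#include <string>

// Hypothetical helper: count the directives in s that would make a
// printf-style parser fetch an argument. "%%" is a literal percent sign and
// is skipped; a lone '%' at the end of the string is counted because it is
// an incomplete directive. Simplified: '*' width/precision arguments are
// not counted separately.
std::size_t countDirectives(const char* s) {
    std::size_t n = 0;
    for (std::size_t i = 0; s[i] != '\0'; ++i) {
        if (s[i] != '%') continue;
        if (s[i + 1] == '%') { ++i; continue; }  // escaped percent, no argument
        ++n;                                      // directive (or dangling '%')
    }
    return n;
}

// Hypothetical helper: build "<variable>.eps" with the variable passed as
// data. The format string is a literal, so nothing in `variable` is parsed.
std::string epsNameSafe(const char* variable) {
    int len = std::snprintf(nullptr, 0, "%s.eps", variable);
    if (len < 0) return std::string();
    std::string out(static_cast<std::size_t>(len) + 1, '\0');
    std::snprintf(&out[0], out.size(), "%s.eps", variable);
    out.resize(static_cast<std::size_t>(len));
    return out;
}

int main() {
    // Constructed sample variable names.
    const char* samples[] = {"jet_pt", "pt%d", "eff_100%%", "ratio%"};
    for (const char* v : samples) {
        std::printf("%-10s directives=%zu  safe name=%s\n",
                    v, countDirectives(v), epsNameSafe(v).c_str());
    }
    return 0;
}
```

Any name with a non-zero directive count would make a call like epsName.Form(variable) read arguments that were never passed, which is what -Wformat-security flags.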

@couet Being a lazy physicist… That’s why I asked whether this could be done centrally. :grinning:
@behrenhoff Yes, it seems I do not need Form, “=” works perfectly, at least it doesn’t complain. Thanks!

You have to fix it in your code, it cannot be done centrally. The way you did it works most of the time but is very error-prone and should therefore be avoided. The warning (note: not an error) even tells you one way to fix it (as demonstrated by Olivier).

“Form” does more than just appending a string. You can do any text formatting.
The usage is different than the simple “=”. As your initial example had “Form” I made a working one with “Form” too …
