[root6] TString.Form: warning: format string is not a string literal

Hello,

I have a small function to make plots from a TTree:
void drawHist(TChain* chain, const char* variable, .. )

in which I also construct from the variable to make the fileName String, something like

 //...
 TString epsName;
 epsName.Form(variable);
 epsName += ".eps";
 //...

This works perfectly with root5, but now with root6, it always complain:

18: warning: format string is not a string literal (potentially insecure) [-Wformat-security]
epsName.Form(variable);
^~~~~~~~
…C:107:18: note: treat the string as an argument to avoid this
epsName.Form(variable);
^
"%s",

I know what it means, but is possible to fix this centrally? From the TString I see what I am doing is valid:
void Form(const char* fmt)

Thanks a lot!

void str( const char* variable) {
   TString epsName;
   epsName = Form("%s.eps",variable);
   cout  << epsName.Data() << endl;
}
$ root
   -----------------------------------------------------------------
  | Welcome to ROOT 6.13/01                     http://root.cern.ch |
  |                                    (c) 1995-2017, The ROOT Team |
  | Built for macosx64                                              |
  | From heads/master@v6-11-02-1137-g46afbaa, Dec 12 2017, 11:20:56 |
  | Try '.help', '.demo', '.license', '.credits', '.quit'/'.q'      |
   -----------------------------------------------------------------

root [0] .x str.C("file")
file.eps
root [1] 

Where did you get the Form signature from?
From https://root.cern.ch/root/html602/TString.html#TString:Form:

void Form(const char *va_(fmt), …)
Formats a string using a printf style format descriptor.

So you have removed the “…” from the argument list. Form is like printf, i.e. it parses your input. In your case, it will fail as soon as you have a percent sign (%) in your variable.

I guess you do not need Form at all. Just use

TString epsName = variable;
epsName += ".eps";

(or similar code)

@couet Being a lazy physicist… That’s why I asked whether this could be done centrally. :grinning:
@behrenhoff Yes, it seems I do not need Form, “=” works perfect, at least it doesn’t complain. Thanks!

You have to fix it in your code, it cannot be done centrally. The way you did it works most of the time but is very error prone and should therefore be avoided. The warning (note: not an error) even tells you one way to fix it (as demonstrated by Olivier)

“Form” does more than just appending a string. You can do any text formatting.
The usage is different than the simple “=” . As your initial example had “Form” I made a working one with “Form” too …

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.