warning: format not a string literal and no format arguments
What does this mean? GCC is saying that a printf-style function was given a format string that is not a literal, so it cannot check that the format string matches the format arguments. Here is some common GLib code that causes this warning:
GError *error = ...;
Why is this a problem? As error->message cannot be checked, it may contain a printf flag sequence, e.g. "Invalid data: 'g^y#%s'" (i.e. %s), that would cause the runtime to try to access a non-existent argument. It could be worse: the format string could be user input that is attempting to exploit your program.
So the solution is to always use a string literal for formatting like this:
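An added C illustration of this fix (not code from the original page): DemoError is a hypothetical stand-in for GError so that it builds without GLib, and demo_log is a hypothetical printf-style function. Compiling with -DSHOW_WARNING -Wformat -Wformat-security includes the flagged call so the GCC diagnostic can be seen.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for GLib's GError (assumption: only the fields used here). */
typedef struct { int code; const char *message; } DemoError;

/* printf-style function writing into a buffer. The format attribute tells GCC
 * that argument 3 is a format string and the variadic arguments start at 4,
 * so callers get the same checking as calls to printf(). */
__attribute__((format(printf, 3, 4)))
static int demo_log(char *out, size_t n, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int len = vsnprintf(out, n, fmt, ap);
    va_end(ap);
    return len;
}

/* Constructed sample: an error message that echoes input containing "%s". */
static const DemoError sample = { 1, "Invalid data: 'g^y#%s'" };

/* Fixed form: the format is the literal "%s"; the message is only data,
 * so any '%' sequences inside it are copied, never interpreted. */
static int log_error_safe(char *out, size_t n, const DemoError *e)
{
    return demo_log(out, n, "%s", e->message);
}

#ifdef SHOW_WARNING
/* Flagged form: the message itself is the format string. With the sample
 * above, "%s" would read an argument that was never passed (undefined
 * behaviour). Compiled only on request, and never called. */
static int log_error_unsafe(char *out, size_t n, const DemoError *e)
{
    return demo_log(out, n, e->message);
}
#endif

int main(void)
{
    char buf[128];
    log_error_safe(buf, sizeof buf, &sample);
    puts(buf);
    return 0;
}
```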