You should use fputs(Usage, stderr);
There is no need to use fprintf if you arn't doing formatting. If you want to use fprintf, use fprintf(stderr, "%s", Usage);
The default compiler flags on Ubuntu includes -Wformat -Wformat-security
which is what gives this error.
That flag is used as a precaution against introducing security related bugs, imagine what
would happen if you somehow did this:
char *Usage = "Usage %s, [options] ... ";
...
fprintf(stderr, Usage);
This would be the same as
fprintf(stderr, "Usage %s, [options] ... ]");
which is wrong.
Now the Usage
string includes a format specifier, %s
, but you do not provide that argument to fprintf
, resulting in undefined behavior, possibly crashing your program or allowing it to be exploited. This is more relevant if the string you pass to fprintf comes from user input.
But if you do fprintf(stderr,"%s", "Usage %s, [options] ... ]");
There is no such problem. The 2. %s
will not be interpreted as a format specifer.
gcc can warn about this, and the default Ubuntu compiler flags makes it a compiler error.
与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…