Adds the -Wformat -Wformat-security -Werror=format-security
compiler options. At present, this warns about calls to printf
and scanf
functions where the format string is not a string literal and there are no format arguments, as in printf(foo). This may be a security hole if the format string came from untrusted input and contains %n.
-Wformat
is usually added with the -Wformat=2
option to be more stricter.