Check format string security at compile-time

This enables various format string security checks by the compiler in
attempt to avoid run-time failures.

6 files changed, 12 insertions, 10 deletions

diff --git a/configure.ac b/configure.ac
index 9bdf0fb..4ea9d4a 100644
--- a/configure.ac
+++ b/configure.ac
@@ -69,7 +69,7 @@ AS_IF(
     [AC_DEFINE(DEBUG_FACEBOOK, 1)
      AS_IF(
         [test "x$MINIMAL_FLAGS" == "xno"],
-        [CFLAGS="$CFLAGS -Wall -g -O0"]
+        [CFLAGS="$CFLAGS -Wall -Wformat-nonliteral -g -O0"]
     )]
 )
 
diff --git a/facebook/facebook-api.c b/facebook/facebook-api.c
index bc1623d..269cd92 100644
--- a/facebook/facebook-api.c
+++ b/facebook/facebook-api.c
@@ -453,7 +453,7 @@ static void fb_api_cb_publish_mr(fb_api_t *api, const GByteArray *pload)
 
     if (!g_queue_is_empty(api->msgs)) {
         msg = g_queue_peek_head(api->msgs);
-        fb_api_publish(api, "/send_message2", msg, NULL);
+        fb_api_publish(api, "/send_message2", "%s", msg);
     }
 
 finish:
@@ -1009,7 +1009,7 @@ void fb_api_message(fb_api_t *api, fb_id_t id, gboolean thread,
         "}", msg, tpfx, id, api->uid, msgid);
 
     if (g_queue_is_empty(api->msgs))
-        fb_api_publish(api, "/send_message2", rmsg, NULL);
+        fb_api_publish(api, "/send_message2", "%s", rmsg);
 
     g_queue_push_tail(api->msgs, rmsg);
 }
diff --git a/facebook/facebook-api.h b/facebook/facebook-api.h
index 6d5c9f2..3080125 100644
--- a/facebook/facebook-api.h
+++ b/facebook/facebook-api.h
@@ -293,7 +293,8 @@ void fb_api_rehash(fb_api_t *api);
 
 void fb_api_free(fb_api_t *api);
 
-void fb_api_error(fb_api_t *api, fb_api_error_t err, const gchar *fmt, ...);
+void fb_api_error(fb_api_t *api, fb_api_error_t err, const gchar *fmt, ...)
+    G_GNUC_PRINTF(3, 4);
 
 void fb_api_auth(fb_api_t *api, const gchar *user, const gchar *pass);
 
@@ -306,7 +307,8 @@ void fb_api_disconnect(fb_api_t *api);
 void fb_api_message(fb_api_t *api, fb_id_t id, gboolean thread,
                     const gchar *msg);
 
-void fb_api_publish(fb_api_t *api, const gchar *topic, const gchar *fmt, ...);
+void fb_api_publish(fb_api_t *api, const gchar *topic, const gchar *fmt, ...)
+    G_GNUC_PRINTF(3, 4);
 
 void fb_api_thread_create(fb_api_t *api, GSList *uids);
 
diff --git a/facebook/facebook-mqtt.c b/facebook/facebook-mqtt.c
index c2dba18..c703e9a 100644
--- a/facebook/facebook-mqtt.c
+++ b/facebook/facebook-mqtt.c
@@ -129,8 +129,7 @@ void fb_mqtt_close(fb_mqtt_t *mqtt)
  * @param fmt   The format string.
  * @param ...   The arguments for the format string.
  **/
-void fb_mqtt_error(fb_mqtt_t *mqtt, fb_mqtt_error_t err,
-                   const gchar *fmt, ...)
+void fb_mqtt_error(fb_mqtt_t *mqtt, fb_mqtt_error_t err, const gchar *fmt, ...)
 {
     gchar   *str;
     va_list  ap;
diff --git a/facebook/facebook-mqtt.h b/facebook/facebook-mqtt.h
index e279240..95115dd 100644
--- a/facebook/facebook-mqtt.h
+++ b/facebook/facebook-mqtt.h
@@ -229,8 +229,8 @@ void fb_mqtt_free(fb_mqtt_t *mqtt);
 
 void fb_mqtt_close(fb_mqtt_t *mqtt);
 
-void fb_mqtt_error(fb_mqtt_t *mqtt, fb_mqtt_error_t err,
-                   const gchar *fmt, ...);
+void fb_mqtt_error(fb_mqtt_t *mqtt, fb_mqtt_error_t err, const gchar *fmt, ...)
+    G_GNUC_PRINTF(3, 4);
 
 void fb_mqtt_read(fb_mqtt_t *mqtt, fb_mqtt_msg_t *msg);
 
diff --git a/facebook/facebook-util.h b/facebook/facebook-util.h
index 9bfb04f..fdf4434 100644
--- a/facebook/facebook-util.h
+++ b/facebook/facebook-util.h
@@ -46,7 +46,8 @@ gboolean fb_util_debugging(void);
 
 #ifdef DEBUG_FACEBOOK
 void fb_util_hexdump(const GByteArray *bytes, guint indent,
-                     const gchar *fmt, ...);
+                     const gchar *fmt, ...)
+    G_GNUC_PRINTF(3, 4);
 #else /* DEBUG_FACEBOOK */
 #define fb_util_hexdump(bs, i, f, ...)
 #endif /* DEBUG_FACEBOOK */