The function qobject_from_json() doesn't actually allow its
argument to be a format string -- it passes a NULL va_list*
to qobject_from_jsonv(), and the parser code will then never
actually interpret %-escape sequences (it tests whether the
va_list pointer is NULL and will stop with a parse error).
The spurious attribute markup causes clang warnings in some
of the test cases where we programmatically construct JSON
to feed to qobject_from_json():
tests/test-qmp-input-visitor.c:76:35: warning: format string is not a
string literal (potentially insecure) [-Wformat-security]
data->obj = qobject_from_json(json_string);
^~~~~~~~~~~
Remove the incorrect attribute.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Suggested-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
aa830cdc28