From 85542c1c5c65ea73beb6d52b3ea5c38601313a3b Mon Sep 17 00:00:00 2001
From: Antonio Borneo <borneo.antonio@gmail.com>
Date: Sun, 12 Oct 2025 11:30:00 +0200
Subject: [PATCH] helper/log: mark 'fmt' argument of alloc_*printf() as not
 NULL

Even after commit e12ceddd5ee4 ("helper/log: mark `fmt` argument
of `alloc_vprintf()` as format string"), the GCC compiler still
reports that alloc_vprintf() could call vsnprintf() with a NULL
format parameter.

Inform the compiler that alloc_vprintf() cannot accept NULL as
format string.
Add an assert() in alloc_vprintf() so even compilers that do not
use the function attribute 'nonnull' will play safe.
While there, extend the same fixes to alloc_printf() too.

Change-Id: Idfa4fe9c6dfb2acfbf434c392237937ae03f0e8a
Signed-off-by: Antonio Borneo <borneo.antonio@gmail.com>
Reported-by: Parshintsev Anatoly <anatoly.parshintsev@syntacore.com>
Reviewed-on: https://review.openocd.org/c/openocd/+/9166
Tested-by: jenkins
Reviewed-by: Anatoly P <anatoly.parshintsev@syntacore.com>
---
 src/helper/log.c | 2 ++
 src/helper/log.h | 5 +++--
 2 files changed, 5 insertions(+), 2 deletions(-)

diff --git a/src/helper/log.c b/src/helper/log.c
index 2dada3540..7acb154c6 100644
--- a/src/helper/log.c
+++ b/src/helper/log.c
@@ -354,6 +354,8 @@ char *alloc_vprintf(const char *fmt, va_list ap)
 	int len;
 	char *string;
 
+	assert(fmt);
+
 	/* determine the length of the buffer needed */
 	va_copy(ap_copy, ap);
 	len = vsnprintf(NULL, 0, fmt, ap_copy);
diff --git a/src/helper/log.h b/src/helper/log.h
index 474d082ed..b8e3e339a 100644
--- a/src/helper/log.h
+++ b/src/helper/log.h
@@ -15,6 +15,7 @@
 #define OPENOCD_HELPER_LOG_H
 
 #include <helper/command.h>
+#include <helper/compiler.h>
 
 /* To achieve C99 printf compatibility in MinGW, gnu_printf should be
  * used for __attribute__((format( ... ))), with GCC v4.4 or later
@@ -86,9 +87,9 @@ int log_add_callback(log_callback_fn fn, void *priv);
 int log_remove_callback(log_callback_fn fn, void *priv);
 
 char *alloc_vprintf(const char *fmt, va_list ap)
-	__attribute__ ((format (PRINTF_ATTRIBUTE_FORMAT, 1, 0)));
+	__attribute__ ((format (PRINTF_ATTRIBUTE_FORMAT, 1, 0))) __nonnull((1));
 char *alloc_printf(const char *fmt, ...)
-	__attribute__ ((format (PRINTF_ATTRIBUTE_FORMAT, 1, 2)));
+	__attribute__ ((format (PRINTF_ATTRIBUTE_FORMAT, 1, 2))) __nonnull((1));
 
 const char *find_nonprint_char(const char *buf, unsigned int buf_len);