Give every printf like function restrict for the format value

The format value has to be a string literal, every time.

Otherwise, you are not using these functions correctly. To reinforce this fact, I putrestrict over every non-contrib example of this I could find.

include/sudo_compat.h

@@ -422,32 +422,32 @@ sudo_dso_public int sudo_futimens(int fd, const struct timespec *times);
 # define futimens(_a, _b) sudo_futimens((_a), (_b))
 #endif /* HAVE_FUTIMENS */
 #if !defined(HAVE_SNPRINTF) || defined(PREFER_PORTABLE_SNPRINTF)
-sudo_dso_public int sudo_snprintf(char *str, size_t n, char const *fmt, ...) sudo_printflike(3, 4);
+sudo_dso_public int sudo_snprintf(char * restrict str, size_t n, char const * restrict fmt, ...) sudo_printflike(3, 4);
 # undef snprintf
 # define snprintf sudo_snprintf
 #endif /* HAVE_SNPRINTF */
 #if !defined(HAVE_VSNPRINTF) || defined(PREFER_PORTABLE_SNPRINTF)
-sudo_dso_public int sudo_vsnprintf(char *str, size_t n, const char *fmt, va_list ap) sudo_printflike(3, 0);
+sudo_dso_public int sudo_vsnprintf(char * restrict str, size_t n, const char * restrict fmt, va_list ap) sudo_printflike(3, 0);
 # undef vsnprintf
 # define vsnprintf sudo_vsnprintf
 #endif /* HAVE_VSNPRINTF */
 #if !defined(HAVE_ASPRINTF) || defined(PREFER_PORTABLE_SNPRINTF)
-sudo_dso_public int sudo_asprintf(char **str, char const *fmt, ...) sudo_printflike(2, 3);
+sudo_dso_public int sudo_asprintf(char ** restrict str, char const * restrict fmt, ...) sudo_printflike(2, 3);
 # undef asprintf
 # define asprintf sudo_asprintf
 #endif /* HAVE_ASPRINTF */
 #if !defined(HAVE_VASPRINTF) || defined(PREFER_PORTABLE_SNPRINTF)
-sudo_dso_public int sudo_vasprintf(char **str, const char *fmt, va_list ap) sudo_printflike(2, 0);
+sudo_dso_public int sudo_vasprintf(char ** restrict str, const char * restrict fmt, va_list ap) sudo_printflike(2, 0);
 # undef vasprintf
 # define vasprintf sudo_vasprintf
 #endif /* HAVE_VASPRINTF */
 #ifndef HAVE_STRLCAT
-sudo_dso_public size_t sudo_strlcat(char *dst, const char *src, size_t siz);
+sudo_dso_public size_t sudo_strlcat(char * restrict dst, const char * restrict src, size_t siz);
 # undef strlcat
 # define strlcat(_a, _b, _c) sudo_strlcat((_a), (_b), (_c))
 #endif /* HAVE_STRLCAT */
 #ifndef HAVE_STRLCPY
-sudo_dso_public size_t sudo_strlcpy(char *dst, const char *src, size_t siz);
+sudo_dso_public size_t sudo_strlcpy(char * restrict dst, const char * restrict src, size_t siz);
 # undef strlcpy
 # define strlcpy(_a, _b, _c) sudo_strlcpy((_a), (_b), (_c))
 #endif /* HAVE_STRLCPY */

include/sudo_debug.h

@@ -274,13 +274,13 @@ sudo_dso_public int sudo_debug_get_active_instance_v1(void);
 sudo_dso_public int sudo_debug_get_fds_v1(unsigned char **fds);
 sudo_dso_public int sudo_debug_get_instance_v1(const char *program);
 sudo_dso_public int sudo_debug_parse_flags_v1(struct sudo_conf_debug_file_list *debug_files, const char *entry);
-sudo_dso_public void sudo_debug_printf2_v1(const char *func, const char *file, int line, unsigned int level, const char *fmt, ...) sudo_printf0like(5, 6);
-sudo_dso_public void sudo_debug_printf_nvm_v1(int pri, const char *fmt, ...) sudo_printf0like(2, 3);
+sudo_dso_public void sudo_debug_printf2_v1(const char *func, const char *file, int line, unsigned int level, const char * restrict fmt, ...) sudo_printf0like(5, 6);
+sudo_dso_public void sudo_debug_printf_nvm_v1(int pri, const char * restrict fmt, ...) sudo_printf0like(2, 3);
 sudo_dso_public int sudo_debug_register_v1(const char *program, const char *const subsystems[], unsigned int ids[], struct sudo_conf_debug_file_list *debug_files);
 sudo_dso_public int sudo_debug_register_v2(const char *program, const char *const subsystems[], unsigned int ids[], struct sudo_conf_debug_file_list *debug_files, int minfd);
 sudo_dso_public int sudo_debug_set_active_instance_v1(int inst);
 sudo_dso_public void sudo_debug_update_fd_v1(int ofd, int nfd);
-sudo_dso_public void sudo_debug_vprintf2_v1(const char *func, const char *file, int line, unsigned int level, const char *fmt, va_list ap) sudo_printf0like(5, 0);
+sudo_dso_public void sudo_debug_vprintf2_v1(const char *func, const char *file, int line, unsigned int level, const char * restrict fmt, va_list ap) sudo_printf0like(5, 0);
 sudo_dso_public void sudo_debug_write2_v1(int fd, const char *func, const char *file, int line, const char *str, unsigned int len, int errnum);
 sudo_dso_public bool sudo_debug_needed_v1(unsigned int level);
 

include/sudo_fatal.h

@@ -171,18 +171,18 @@ sudo_dso_public int  sudo_fatal_callback_deregister_v1(sudo_fatal_callback_t fun
 sudo_dso_public int  sudo_fatal_callback_register_v1(sudo_fatal_callback_t func);
 sudo_dso_public char *sudo_warn_gettext_v1(const char *domainname, const char *msgid) sudo_attr_fmt_arg(2);
 sudo_dso_public void sudo_warn_set_locale_func_v1(sudo_warn_setlocale_t func);
-sudo_noreturn sudo_dso_public void sudo_fatal_nodebug_v1(const char *fmt, ...) sudo_printf0like(1, 2);
-sudo_noreturn sudo_dso_public void sudo_fatalx_nodebug_v1(const char *fmt, ...) sudo_printflike(1, 2);
-sudo_noreturn sudo_dso_public void sudo_gai_fatal_nodebug_v1(int errnum, const char *fmt, ...) sudo_printflike(2, 3);
-sudo_noreturn sudo_dso_public void sudo_vfatal_nodebug_v1(const char *fmt, va_list ap) sudo_printf0like(1, 0);
-sudo_noreturn sudo_dso_public void sudo_vfatalx_nodebug_v1(const char *fmt, va_list ap) sudo_printflike(1, 0);
-sudo_noreturn sudo_dso_public void sudo_gai_vfatal_nodebug_v1(int errnum, const char *fmt, va_list ap) sudo_printflike(2, 0);
-sudo_dso_public void sudo_warn_nodebug_v1(const char *fmt, ...) sudo_printf0like(1, 2);
-sudo_dso_public void sudo_warnx_nodebug_v1(const char *fmt, ...) sudo_printflike(1, 2);
-sudo_dso_public void sudo_gai_warn_nodebug_v1(int errnum, const char *fmt, ...) sudo_printflike(2, 3);
-sudo_dso_public void sudo_vwarn_nodebug_v1(const char *fmt, va_list ap) sudo_printf0like(1, 0);
-sudo_dso_public void sudo_vwarnx_nodebug_v1(const char *fmt, va_list ap) sudo_printflike(1, 0);
-sudo_dso_public void sudo_gai_vwarn_nodebug_v1(int errnum, const char *fmt, va_list ap) sudo_printflike(2, 0);
+sudo_noreturn sudo_dso_public void sudo_fatal_nodebug_v1(const char * restrict fmt, ...) sudo_printf0like(1, 2);
+sudo_noreturn sudo_dso_public void sudo_fatalx_nodebug_v1(const char * restrict fmt, ...) sudo_printflike(1, 2);
+sudo_noreturn sudo_dso_public void sudo_gai_fatal_nodebug_v1(int errnum, const char * restrict fmt, ...) sudo_printflike(2, 3);
+sudo_noreturn sudo_dso_public void sudo_vfatal_nodebug_v1(const char * restrict fmt, va_list ap) sudo_printf0like(1, 0);
+sudo_noreturn sudo_dso_public void sudo_vfatalx_nodebug_v1(const char * restrict fmt, va_list ap) sudo_printflike(1, 0);
+sudo_noreturn sudo_dso_public void sudo_gai_vfatal_nodebug_v1(int errnum, const char * restrict fmt, va_list ap) sudo_printflike(2, 0);
+sudo_dso_public void sudo_warn_nodebug_v1(const char * restrict fmt, ...) sudo_printf0like(1, 2);
+sudo_dso_public void sudo_warnx_nodebug_v1(const char * restrict fmt, ...) sudo_printflike(1, 2);
+sudo_dso_public void sudo_gai_warn_nodebug_v1(int errnum, const char * restrict fmt, ...) sudo_printflike(2, 3);
+sudo_dso_public void sudo_vwarn_nodebug_v1(const char * restrict fmt, va_list ap) sudo_printf0like(1, 0);
+sudo_dso_public void sudo_vwarnx_nodebug_v1(const char * restrict fmt, va_list ap) sudo_printflike(1, 0);
+sudo_dso_public void sudo_gai_vwarn_nodebug_v1(int errnum, const char * restrict fmt, va_list ap) sudo_printflike(2, 0);
 sudo_dso_public void sudo_warn_set_conversation_v1(sudo_conv_t conv);
 
 #define sudo_fatal_callback_deregister(_a) sudo_fatal_callback_deregister_v1((_a))

include/sudo_lbuf.h

@@ -43,9 +43,9 @@ typedef int (*sudo_lbuf_output_t)(const char *);
 
 sudo_dso_public void sudo_lbuf_init_v1(struct sudo_lbuf *lbuf, sudo_lbuf_output_t output, unsigned int indent, const char *continuation, int cols);
 sudo_dso_public void sudo_lbuf_destroy_v1(struct sudo_lbuf *lbuf);
-sudo_dso_public bool sudo_lbuf_append_v1(struct sudo_lbuf *lbuf, const char *fmt, ...) sudo_printflike(2, 3);
-sudo_dso_public bool sudo_lbuf_append_esc_v1(struct sudo_lbuf *lbuf, int flags, const char *fmt, ...) sudo_printflike(3, 4);
-sudo_dso_public bool sudo_lbuf_append_quoted_v1(struct sudo_lbuf *lbuf, const char *set, const char *fmt, ...) sudo_printflike(3, 4);
+sudo_dso_public bool sudo_lbuf_append_v1(struct sudo_lbuf *lbuf, const char * restrict fmt, ...) sudo_printflike(2, 3);
+sudo_dso_public bool sudo_lbuf_append_esc_v1(struct sudo_lbuf *lbuf, int flags, const char * restrict fmt, ...) sudo_printflike(3, 4);
+sudo_dso_public bool sudo_lbuf_append_quoted_v1(struct sudo_lbuf *lbuf, const char *set, const char * restrict fmt, ...) sudo_printflike(3, 4);
 sudo_dso_public void sudo_lbuf_print_v1(struct sudo_lbuf *lbuf);
 sudo_dso_public bool sudo_lbuf_error_v1(struct sudo_lbuf *lbuf);
 sudo_dso_public void sudo_lbuf_clearerr_v1(struct sudo_lbuf *lbuf);

include/sudo_plugin.h

@@ -85,7 +85,7 @@ struct sudo_conv_callback {
 
 typedef int (*sudo_conv_t)(int num_msgs, const struct sudo_conv_message msgs[],
 	struct sudo_conv_reply replies[], struct sudo_conv_callback *callback);
-typedef int (*sudo_printf_t)(int msg_type, const char *fmt, ...);
+typedef int (*sudo_printf_t)(int msg_type, const char * restrict fmt, ...);
 
 /*
  * Hooks allow a plugin to hook into specific sudo and/or libc functions.

include/sudo_util.h

@@ -316,7 +316,7 @@ sudo_dso_public mode_t sudo_strtomode_v2(const char *cp, const char **errstr);
 #define sudo_strtomode(_a, _b) sudo_strtomode_v2((_a), (_b))
 
 /* sudo_printf.c */
-extern int (*sudo_printf)(int msg_type, const char *fmt, ...);
+extern int (*sudo_printf)(int msg_type, const char * restrict fmt, ...);
 
 /* term.c */
 sudo_dso_public bool sudo_term_cbreak_v1(int fd);

lib/eventlog/logwrap.c

@@ -33,7 +33,7 @@
 #include "sudo_eventlog.h"
 
 size_t
-eventlog_writeln(FILE *fp, char *line, size_t linelen, size_t maxlen)
+eventlog_writeln(FILE * restrict fp, char * restrict line, size_t linelen, size_t maxlen)
 {
     const char *indent = "";
     char *beg = line;

lib/util/fatal.c

@@ -57,7 +57,7 @@ static sudo_conv_t sudo_warn_conversation;
 static sudo_warn_setlocale_t sudo_warn_setlocale;
 static sudo_warn_setlocale_t sudo_warn_setlocale_prev;
 
-static void warning(const char *errstr, const char *fmt, va_list ap);
+static void warning(const char * restrict errstr, const char * restrict fmt, va_list ap);
 
 static void
 do_cleanup(void)
@@ -73,7 +73,7 @@ do_cleanup(void)
 }
 
 sudo_noreturn void
-sudo_fatal_nodebug_v1(const char *fmt, ...)
+sudo_fatal_nodebug_v1(const char * restrict fmt, ...)
 {
     va_list ap;
 
@@ -85,7 +85,7 @@ sudo_fatal_nodebug_v1(const char *fmt, ...)
 }
 
 sudo_noreturn void
-sudo_fatalx_nodebug_v1(const char *fmt, ...)
+sudo_fatalx_nodebug_v1(const char * restrict fmt, ...)
 {
     va_list ap;
 
@@ -97,23 +97,23 @@ sudo_fatalx_nodebug_v1(const char *fmt, ...)
 }
 
 sudo_noreturn void
-sudo_vfatal_nodebug_v1(const char *fmt, va_list ap)
+sudo_vfatal_nodebug_v1(const char * restrict fmt, va_list ap)
 {
     warning(strerror(errno), fmt, ap);
     do_cleanup();
     exit(EXIT_FAILURE);
 }
 
 sudo_noreturn void
-sudo_vfatalx_nodebug_v1(const char *fmt, va_list ap)
+sudo_vfatalx_nodebug_v1(const char * restrict fmt, va_list ap)
 {
     warning(NULL, fmt, ap);
     do_cleanup();
     exit(EXIT_FAILURE);
 }
 
 void
-sudo_warn_nodebug_v1(const char *fmt, ...)
+sudo_warn_nodebug_v1(const char * restrict fmt, ...)
 {
     va_list ap;
 
@@ -123,7 +123,7 @@ sudo_warn_nodebug_v1(const char *fmt, ...)
 }
 
 void
-sudo_warnx_nodebug_v1(const char *fmt, ...)
+sudo_warnx_nodebug_v1(const char * restrict fmt, ...)
 {
     va_list ap;
     va_start(ap, fmt);
@@ -132,19 +132,19 @@ sudo_warnx_nodebug_v1(const char *fmt, ...)
 }
 
 void
-sudo_vwarn_nodebug_v1(const char *fmt, va_list ap)
+sudo_vwarn_nodebug_v1(const char * restrict fmt, va_list ap)
 {
     warning(strerror(errno), fmt, ap);
 }
 
 void
-sudo_vwarnx_nodebug_v1(const char *fmt, va_list ap)
+sudo_vwarnx_nodebug_v1(const char * restrict fmt, va_list ap)
 {
     warning(NULL, fmt, ap);
 }
 
 sudo_noreturn void
-sudo_gai_fatal_nodebug_v1(int errnum, const char *fmt, ...)
+sudo_gai_fatal_nodebug_v1(int errnum, const char * restrict fmt, ...)
 {
     va_list ap;
 
@@ -156,15 +156,15 @@ sudo_gai_fatal_nodebug_v1(int errnum, const char *fmt, ...)
 }
 
 sudo_noreturn void
-sudo_gai_vfatal_nodebug_v1(int errnum, const char *fmt, va_list ap)
+sudo_gai_vfatal_nodebug_v1(int errnum, const char * restrict fmt, va_list ap)
 {
     warning(gai_strerror(errnum), fmt, ap);
     do_cleanup();
     exit(EXIT_FAILURE);
 }
 
 void
-sudo_gai_warn_nodebug_v1(int errnum, const char *fmt, ...)
+sudo_gai_warn_nodebug_v1(int errnum, const char * restrict fmt, ...)
 {
     va_list ap;
 
@@ -174,13 +174,13 @@ sudo_gai_warn_nodebug_v1(int errnum, const char *fmt, ...)
 }
 
 void
-sudo_gai_vwarn_nodebug_v1(int errnum, const char *fmt, va_list ap)
+sudo_gai_vwarn_nodebug_v1(int errnum, const char * restrict fmt, va_list ap)
 {
     warning(gai_strerror(errnum), fmt, ap);
 }
 
 static void
-warning(const char *errstr, const char *fmt, va_list ap)
+warning(const char * restrict errstr, const char * restrict fmt, va_list ap)
 {
     int cookie;
     const int saved_errno = errno;

lib/util/inet_ntop.c

@@ -70,7 +70,7 @@
  *	Paul Vixie, 1996.
  */
 static const char *
-inet_ntop4(const unsigned char *src, char *dst, socklen_t size)
+inet_ntop4(const unsigned char * restrict src, char * restrict dst, socklen_t size)
 {
 	const char fmt[] = "%u.%u.%u.%u";
 	int len;
@@ -91,7 +91,7 @@ inet_ntop4(const unsigned char *src, char *dst, socklen_t size)
  *	Paul Vixie, 1996.
  */
 static const char *
-inet_ntop6(const unsigned char *src, char *dst, socklen_t size)
+inet_ntop6(const unsigned char * restrict src, char * restrict dst, socklen_t size)
 {
 	/*
 	 * Note that int32_t and int16_t need only be "at least" large enough
@@ -210,7 +210,7 @@ inet_ntop6(const unsigned char *src, char *dst, socklen_t size)
  *	Paul Vixie, 1996.
  */
 const char *
-sudo_inet_ntop(int af, const void *src, char *dst, socklen_t size)
+sudo_inet_ntop(int af, const void * restrict src, char * restrict dst, socklen_t size)
 {
 	switch (af) {
 	case AF_INET:

lib/util/lbuf.c

@@ -145,7 +145,7 @@ escape(char ch, char *buf)
  * Any non-printable characters are escaped in octal as #0nn.
  */
 bool
-sudo_lbuf_append_esc_v1(struct sudo_lbuf *lbuf, int flags, const char *fmt, ...)
+sudo_lbuf_append_esc_v1(struct sudo_lbuf *lbuf, int flags, const char * restrict fmt, ...)
 {
     unsigned int saved_len = lbuf->len;
     bool ret = false;
@@ -220,7 +220,7 @@ sudo_lbuf_append_esc_v1(struct sudo_lbuf *lbuf, int flags, const char *fmt, ...)
  * Any characters in set are quoted with a backslash.
  */
 bool
-sudo_lbuf_append_quoted_v1(struct sudo_lbuf *lbuf, const char *set, const char *fmt, ...)
+sudo_lbuf_append_quoted_v1(struct sudo_lbuf *lbuf, const char *set, const char * restrict fmt, ...)
 {
     unsigned int saved_len = lbuf->len;
     bool ret = false;
@@ -279,7 +279,7 @@ sudo_lbuf_append_quoted_v1(struct sudo_lbuf *lbuf, const char *set, const char *
  * Parse the format and append strings, only %s, %n$s and %% escapes are supported.
  */
 bool
-sudo_lbuf_append_v1(struct sudo_lbuf *lbuf, const char *fmt, ...)
+sudo_lbuf_append_v1(struct sudo_lbuf *lbuf, const char * restrict fmt, ...)
 {
     unsigned int saved_len = lbuf->len;
     bool ret = false;

lib/util/snprintf.c

@@ -106,9 +106,9 @@ union arg {
 #endif
 };
 
-static int __find_arguments(const char *fmt0, va_list ap, union arg **argtable);
+static int __find_arguments(const char * restrict fmt0, va_list ap, union arg **argtable);
 static int __grow_type_table(unsigned char **typetable, int *tablesize);
-static int xxxprintf(char **, size_t, int, const char *, va_list);
+static int xxxprintf(char ** restrict, size_t, int, const char * restrict, va_list);
 
 #ifdef PRINTF_WIDE_CHAR
 /*
@@ -224,7 +224,7 @@ static int exponent(char *, int, int);
  * Actual printf innards.
   */
 static int
-xxxprintf(char **strp, size_t strsize, int alloc, const char *fmt0, va_list ap)
+xxxprintf(char ** restrict strp, size_t strsize, int alloc, const char * restrict fmt0, va_list ap)
 {
 	char *fmt;		/* format string */
 	int ch;			/* character from fmt */
@@ -1484,7 +1484,7 @@ exponent(char *p0, int exp, int fmtch)
 
 #if !defined(HAVE_VSNPRINTF) || defined(PREFER_PORTABLE_SNPRINTF)
 int
-sudo_vsnprintf(char *str, size_t n, const char *fmt, va_list ap)
+sudo_vsnprintf(char * restrict str, size_t n, const char * restrict fmt, va_list ap)
 {
 	if (n > INT_MAX) {
 		errno = EOVERFLOW;
@@ -1497,7 +1497,7 @@ sudo_vsnprintf(char *str, size_t n, const char *fmt, va_list ap)
 
 #if !defined(HAVE_SNPRINTF) || defined(PREFER_PORTABLE_SNPRINTF)
 int
-sudo_snprintf(char *str, size_t n, char const *fmt, ...)
+sudo_snprintf(char * restrict str, size_t n, char const * restrict fmt, ...)
 {
 	int ret;
 	va_list ap;
@@ -1516,7 +1516,7 @@ sudo_snprintf(char *str, size_t n, char const *fmt, ...)
 
 #if !defined(HAVE_VASPRINTF) || defined(PREFER_PORTABLE_SNPRINTF)
 int
-sudo_vasprintf(char **str, const char *fmt, va_list ap)
+sudo_vasprintf(char ** restrict str, const char * restrict fmt, va_list ap)
 {
 	int ret;
 
@@ -1529,7 +1529,7 @@ sudo_vasprintf(char **str, const char *fmt, va_list ap)
 
 #if !defined(HAVE_ASPRINTF) || defined(PREFER_PORTABLE_SNPRINTF)
 int
-sudo_asprintf(char **str, char const *fmt, ...)
+sudo_asprintf(char ** restrict str, char const * restrict fmt, ...)
 {
 	int ret;
 	va_list ap;

lib/util/strlcat.c

@@ -40,7 +40,7 @@
  * If retval >= dsize, truncation occurred.
  */
 size_t
-sudo_strlcat(char *dst, const char *src, size_t dsize)
+sudo_strlcat(char * restrict dst, const char * restrict src, size_t dsize)
 {
 	const char *odst = dst;
 	const char *osrc = src;

lib/util/strlcpy.c

@@ -38,7 +38,7 @@
  * Returns strlen(src); if retval >= dsize, truncation occurred.
  */
 size_t
-sudo_strlcpy(char *dst, const char *src, size_t dsize)
+sudo_strlcpy(char * restrict dst, const char * restrict src, size_t dsize)
 {
 	const char *osrc = src;
 	size_t nleft = dsize;