I am using the strftime function for a project, and I pass to it a user-supplied string instead of a string literal. Being overly cautious, I compile by passing gcc every warning flag, and because I am not passing a string literal to strftime, I am getting a warning telling me I am using a non-string literal.
I am assuming this is to prevent an uncontrolled format string vulnerability that the printf() function is vulnerable to. However, investigating a bit, I read that the vulnerability stems from printf() being a variadic function. However, strftime() is not a variadic function.
Does passing a user-supplied string open my program up to a vulnerability, or is the gcc warning overly cautious?
The correct answer is to constrain user input. That is, do not let them specify the format string. Instead, give them a set of choices that they may select from as part of their user preferences.
If you wish, hard-code the choices into a constant array. This will stop the compiler from complaining. (It will also prevent savvy users from getting around your protections by manually adding a bad value to the possible choices in the configuration file.)
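The allow-list approach from this answer, as an added example (not code from the question or the answer): the user's preference is only ever compared against names in a constant table, and strftime() receives one of the compiled-in formats. The style names, formats, and the helpers `lookup_style` and `format_time` are assumptions made for illustration.

```c
#include <string.h>
#include <time.h>

/* Hypothetical preference table (names and formats are assumptions).
 * These literals are the only format strings strftime() ever receives. */
struct date_style {
    const char *name; /* value the user may store in their preferences */
    const char *fmt;  /* trusted format, compiled into the program */
};

static const struct date_style DATE_STYLES[] = {
    { "iso",     "%Y-%m-%d %H:%M:%S" },
    { "us",      "%m/%d/%Y %I:%M:%S" },
    { "compact", "%Y%m%dT%H%M%S" },
};
#define N_STYLES (sizeof DATE_STYLES / sizeof DATE_STYLES[0])

/* Map an untrusted preference value to a table index, or -1 if unknown. */
int lookup_style(const char *user_choice)
{
    if (user_choice == NULL)
        return -1;
    for (size_t i = 0; i < N_STYLES; i++)
        if (strcmp(user_choice, DATE_STYLES[i].name) == 0)
            return (int)i;
    return -1;
}

/* Format *tm with the selected style. Returns the number of bytes written,
 * or 0 (with out set to "") for an unknown choice or a too-small buffer. */
size_t format_time(char *out, size_t outlen, const char *user_choice,
                   const struct tm *tm)
{
    if (out == NULL || outlen == 0)
        return 0;
    out[0] = '\0';
    int idx = lookup_style(user_choice);
    if (idx < 0 || tm == NULL)
        return 0; /* a value edited into the config file is rejected here */
    size_t n = strftime(out, outlen, DATE_STYLES[idx].fmt, tm);
    if (n == 0)
        out[0] = '\0'; /* buffer contents are unspecified when strftime fails */
    return n;
}
```

A rejected choice and a too-small buffer both return 0, so the caller should fall back to a default style rather than print the buffer unchecked.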