TinyXML does not compile on Yocto toolchain with -Werror=format-truncation

[sbaluja]

Using the following build flags, compilation fails due to unchecked null for format in the int TIXML_VSCPRINTF(const char*, va_list) inlined the parent 'virtual void tinyxml2::XMLPrinter::Print(const char*, ...)' call.

Build command:

cmake -DCMAKE_BUILD_TYPE=Debug \
        -Dtinyxml2_BUILD_TESTING=OFF \
        -DCMAKE_CXX_FLAGS="-D_FORTIFY_SOURCE=2 -Wformat -Wformat-security -Werror=format-security -fvisibility-inlines-hidden -Wno-deprecated-declarations -fno-var-tracking -Wno-psabi -fsanitize=address,undefined -fno-omit-frame-pointer -O2 -g -DNDEBUG -fPIC -fno-exceptions -std=c++11 -Wall -pedantic -Wextra -Werror -Wno-missing-field-initializers -Werror=format-truncation" \ \
        .. && \

Error logs:

2.350 In file included from /usr/include/stdio.h:980,
2.350                  from /usr/include/c++/13/cstdio:42,
2.350                  from /tinyxml2/tinyxml2.h:39,
2.350                  from /tinyxml2/tinyxml2.cpp:24:
2.350 In function 'int vsnprintf(char*, size_t, const char*, __gnuc_va_list)',
2.350     inlined from 'int TIXML_VSCPRINTF(const char*, va_list)' at /tinyxml2/tinyxml2.cpp:117:22,
2.350     inlined from 'virtual void tinyxml2::XMLPrinter::Print(const char*, ...)' at /tinyxml2/tinyxml2.cpp:2640:40:
2.350 /usr/include/aarch64-linux-gnu/bits/stdio2.h:68:36: error: null format string [-Werror=format-truncation=]
2.350    68 |   return __builtin___vsnprintf_chk (__s, __n, __USE_FORTIFY_LEVEL - 1,
2.350       |          ~~~~~~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
2.350    69 |                                     __glibc_objsize (__s), __fmt, __ap);
2.350       |                                     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
2.845 cc1plus: all warnings being treated as errors
2.846 make[2]: *** [CMakeFiles/tinyxml2.dir/build.make:76: CMakeFiles/tinyxml2.dir/tinyxml2.cpp.o] Error 1
2.846 make[1]: *** [CMakeFiles/Makefile2:839: CMakeFiles/tinyxml2.dir/all] Error 2
2.846 make: *** [Makefile:146: all] Error 2

For reproduction, here is a dockerfile which consistently reproduces this compilation error:

FROM ubuntu:24.04

ENV DEBIAN_FRONTEND=noninteractive

RUN apt-get update && apt-get install -y \
    libcurl4-openssl-dev \
    libssl-dev \
    ninja-build \
    libassuan-dev \
    build-essential \
    zlib1g-dev \
    cmake \
    git \
    && rm -rf /var/lib/apt/lists/*

RUN git clone --recurse-submodules https://github.com/leethomason/tinyxml2

RUN cd tinyxml2 &&\
    mkdir build && \
    cd build && \
    cmake -DCMAKE_BUILD_TYPE=Debug \
        -Dtinyxml2_BUILD_TESTING=OFF \
        -DCMAKE_CXX_FLAGS="-D_FORTIFY_SOURCE=2 -Wformat -Wformat-security -Werror=format-security -fvisibility-inlines-hidden -Wno-deprecated-declarations -fno-var-tracking -Wno-psabi -fsanitize=address,undefined -fno-omit-frame-pointer -O2 -g -DNDEBUG -fPIC -fno-exceptions -std=c++11 -Wall -pedantic -Wextra -Werror -Wno-missing-field-initializers -Werror=format-truncation" \ \
        .. && \
    make -j

Solution:
a quick check in the int TIXML_VSCPRINTF(const char*, va_list) function for null format string:

if (!format) {
    return 0;
}