I just added -Werror=format to our makefiles, and I started getting some errors where we were passing non-literal format strings to printf-like functions. (Yeah, not the best idea, but it was mostly in tests and other places where it's not actually a problem; this would be a breaking change.)
So I also added -Wno-format-nonliteral, but it doesn't seem to do anything: https://godbolt.org/z/1x6YvY4d5
Actually, it seems that this option is kinda broken in clang? No warnings/errors from the following when compiling w/ -Wno-format-security -Wformat-nonliteral:
    #include <cstring>
    #include <cstdio>
    using namespace std;
    void foo() {
        char buff[10];
        printf(fgets(buff, sizeof(buff), stdin));
    }
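For comparison with the snippet in the post, an added example (not the poster's code) of handling a format string that is only known at run time: input is printed as data, and a template is checked against the expected argument list before it reaches snprintf, with the non-literal warning silenced only at that call. `format_matches` and `format_checked` are hypothetical helper names, and the validator deliberately accepts only a small subset of printf syntax.

```cpp
#include <cstddef>
#include <cstdio>
#include <cstring>

// True when `fmt` consumes exactly the arguments named in `expected`, one
// conversion character per argument (e.g. "ds" = int, const char *).
// Length modifiers, '*', positional '$' and %n are all rejected.
bool format_matches(const char *fmt, const char *expected) {
    if (!fmt || !expected) return false;
    for (const char *p = fmt; *p; ++p) {
        if (*p != '%') continue;
        ++p;
        if (*p == '%') continue;                      // literal "%%"
        while (*p && std::strchr("-+ #0", *p)) ++p;   // flags
        while (*p >= '0' && *p <= '9') ++p;           // width
        if (*p == '.') {                              // precision
            ++p;
            while (*p >= '0' && *p <= '9') ++p;
        }
        if (*p == '\0' || *p == 'n' || *p != *expected) return false;
        ++expected;
    }
    return *expected == '\0';                         // no argument left unused
}

// Formats (int, const char *) through a runtime-chosen template, but only
// after the template has been checked against that argument list.
int format_checked(char *dst, std::size_t n, const char *fmt,
                   int code, const char *msg) {
    if (!format_matches(fmt, "ds")) return -1;
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wformat-nonliteral"  // scoped to this one call
    int written = std::snprintf(dst, n, fmt, code, msg);
#pragma GCC diagnostic pop
    return written;
}

int main() {
    char line[64], out[96];
    if (!std::fgets(line, sizeof line, stdin)) return 1;
    std::printf("%s", line);                          // input is data, not a format
    // "E%03d %s" is a constructed sample template.
    if (format_checked(out, sizeof out, "E%03d %s", 7, line) >= 0)
        std::fputs(out, stdout);
    return 0;
}
```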