Bug#997190: qrq: FTBFS: qrq.c:1073:31: error: format not a string literal and no format arguments [-Werror=format-security]
Source: qrq
Version: 0.3.3-3
Severity: serious
Justification: FTBFS
Tags: bookworm sid ftbfs
Hi,
During a rebuild of all packages in sid, your package failed to build
on amd64.
Relevant part (hopefully):
> gcc -Wall -Wdate-time -D_FORTIFY_SOURCE=2 -g -O2 -ffile-prefix-map=/<<PKGBUILDDIR>>=. -fstack-protector-strong -Wformat -Werror=format-security -D DESTDIR=\"/usr\" -D VERSION=\"0.3.3\" -I. -D PA -pthread -c pulseaudio.c
> qrq.c: In function ‘main’:
> qrq.c:262:24: warning: format ‘%d’ expects argument of type ‘int’, but argument 2 has type ‘long unsigned int’ [-Wformat=]
> 262 | printw("done. %d calls read.\n\n", nrofcalls);
> | ~^ ~~~~~~~~~
> | | |
> | int long unsigned int
> | %ld
> qrq.c: In function ‘update_parameter_dialog’:
> qrq.c:765:40: warning: format ‘%d’ expects argument of type ‘int’, but argument 6 has type ‘long unsigned int’ [-Wformat=]
> 765 | mvwprintw(conf_w,11,2, "Callsign database: %-15s"
> | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> 766 | " d (%d)", basename(cbfilename),nrofcalls);
> | ~~~~~~~~~
> | |
> | long unsigned int
> qrq.c:766:52: note: format string is defined here
> 766 | " d (%d)", basename(cbfilename),nrofcalls);
> | ~^
> | |
> | int
> | %ld
> qrq.c: In function ‘close_summary_file’:
> qrq.c:1073:31: error: format not a string literal and no format arguments [-Werror=format-security]
> 1073 | mvwprintw(mid_w,14,2, filename);
> | ^~~~~~~~
> qrq.c: In function ‘update_score’:
> qrq.c:1086:41: warning: too many arguments for format [-Wformat-extra-args]
> 1086 | mvwprintw(top_w, 1, 27, "[training mode]", score);
> | ^~~~~~~~~~~~~~~~~
> qrq.c: In function ‘read_config’:
> qrq.c:1395:60: warning: format ‘%d’ expects argument of type ‘int’, but argument 3 has type ‘long int’ [-Wformat=]
> 1395 | printw(" line %2d: sample rate: %d\n", line, samplerate);
> | ~^ ~~~~~~~~~~
> | | |
> | int long int
> | %ld
> qrq.c: In function ‘find_files’:
> qrq.c:1896:40: warning: too many arguments for format [-Wformat-extra-args]
> 1896 | printw("Files copied. You might want to edit "
> | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> qrq.c: In function ‘check_toplist’:
> qrq.c:1752:9: warning: ignoring return value of ‘fgets’ declared with attribute ‘warn_unused_result’ [-Wunused-result]
> 1752 | fgets(tmp, 35, fh);
> | ^~~~~~~~~~~~~~~~~~
> qrq.c: In function ‘statistics’:
> qrq.c:1979:17: warning: ignoring return value of ‘system’ declared with attribute ‘warn_unused_result’ [-Wunused-result]
> 1979 | system("gnuplot -p /tmp/qrq-plot 2> /dev/null &");
> | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> qrq.c: In function ‘display_toplist’:
> qrq.c:967:16: warning: ignoring return value of ‘fgets’ declared with attribute ‘warn_unused_result’ [-Wunused-result]
> 967 | (void) fgets(tmp, 34, fh); /* first line not used */
> | ^~~~~~~~~~~~~~~~~~
> qrq.c: In function ‘add_to_toplist’:
> qrq.c:1172:9: warning: ignoring return value of ‘fgets’ declared with attribute ‘warn_unused_result’ [-Wunused-result]
> 1172 | fgets(tmp, 35, fh);
> | ^~~~~~~~~~~~~~~~~~
> qrq.c:1191:9: warning: ignoring return value of ‘fread’ declared with attribute ‘warn_unused_result’ [-Wunused-result]
> 1191 | fread(part1, sizeof(char), (size_t) j, fh);
> | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> qrq.c: In function ‘close_summary_file’:
> qrq.c:1058:38: warning: ‘%s’ directive output may be truncated writing up to 14 bytes into a region of size between 0 and 4095 [-Wformat-truncation=]
> 1058 | snprintf(filename, PATH_MAX, "%s/%s-%s.txt", sumfilepath, mycall, time_fmt);
> | ^~ ~~~~~~
> In file included from /usr/include/stdio.h:866,
> from /usr/include/curses.h:232,
> from qrq.c:28:
> /usr/include/x86_64-linux-gnu/bits/stdio2.h:70:10: note: ‘__builtin___snprintf_chk’ output between 7 and 4371 bytes into a destination of size 4096
> 70 | return __builtin___snprintf_chk (__s, __n, __USE_FORTIFY_LEVEL - 1,
> | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> 71 | __bos (__s), __fmt, __va_arg_pack ());
> | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> qrq.c: In function ‘save_config.isra’:
> qrq.c:1648:49: warning: ‘%s’ directive writing up to 4095 bytes into a region of size between 4017 and 4096 [-Wformat-overflow=]
> 1648 | sprintf(tmp, "%s%s ", confopts[i], dspdevice);
> | ^~ ~~~~~~~~~
> In file included from /usr/include/stdio.h:866,
> from /usr/include/curses.h:232,
> from qrq.c:28:
> /usr/include/x86_64-linux-gnu/bits/stdio2.h:38:10: note: ‘__builtin___sprintf_chk’ output between 2 and 4176 bytes into a destination of size 4096
> 38 | return __builtin___sprintf_chk (__s, __USE_FORTIFY_LEVEL - 1,
> | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> 39 | __bos (__s), __fmt, __va_arg_pack ());
> | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> qrq.c:1645:49: warning: ‘%s’ directive writing up to 4095 bytes into a region of size between 4017 and 4096 [-Wformat-overflow=]
> 1645 | sprintf(tmp, "%s%s ", confopts[i], cbfilename);
> | ^~ ~~~~~~~~~~
> In file included from /usr/include/stdio.h:866,
> from /usr/include/curses.h:232,
> from qrq.c:28:
> /usr/include/x86_64-linux-gnu/bits/stdio2.h:38:10: note: ‘__builtin___sprintf_chk’ output between 2 and 4176 bytes into a destination of size 4096
> 38 | return __builtin___sprintf_chk (__s, __USE_FORTIFY_LEVEL - 1,
> | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> 39 | __bos (__s), __fmt, __va_arg_pack ());
> | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> qrq.c: In function ‘morse’:
> qrq.c:1409:68: warning: ‘fwdotlen’ may be used uninitialized in this function [-Wmaybe-uninitialized]
> 1409 | int c, fulldotlen, dotlen, dashlen, charspeed, farnsworth, fwdotlen;
> | ^~~~~~~~
> In file included from /usr/include/string.h:519,
> from qrq.c:30:
> In function ‘strncpy’,
> inlined from ‘main’ at qrq.c:523:3:
> /usr/include/x86_64-linux-gnu/bits/string_fortified.h:91:10: warning: ‘__builtin_strncpy’ specified bound 80 equals destination size [-Wstringop-truncation]
> 91 | return __builtin___strncpy_chk (__dest, __src, __len, __bos (__dest));
> | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> cc1: some warnings being treated as errors
> make[1]: *** [Makefile:80: qrq.o] Error 1
The full build log is available from:
http://qa-logs.debian.net/2021/10/23/qrq_0.3.3-3_unstable.log
A list of current common problems and possible solutions is available at
http://wiki.debian.org/qa.debian.org/FTBFS . You're welcome to contribute!
If you reassign this bug to another package, please mark it as 'affects'-ing
this package. See https://www.debian.org/Bugs/server-control#affects
If you fail to reproduce this, please provide a build log and diff it with mine
so that we can identify if something relevant changed in the meantime.
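
The error at qrq.c:1073 and the `%d` mismatches in the log above, shown as an added example that is not part of the original report or of qrq's source. `render()` is a hypothetical stand-in for `mvwprintw()` that writes into a buffer so the result can be inspected, and the file name is a constructed sample.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for ncurses mvwprintw(): same printf-style contract,
 * but it renders into a caller-supplied buffer instead of a window. */
__attribute__((format(printf, 3, 4)))
static int render(char *out, size_t outlen, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(out, outlen, fmt, ap);
    va_end(ap);
    return n;
}

/* Pattern flagged at qrq.c:1073: data is used as the format string. Run here
 * only with input whose sole directive is "%%", which needs no argument. */
static int show_name_flagged(char *out, size_t outlen, const char *filename)
{
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wformat-security"
#pragma GCC diagnostic ignored "-Wformat-nonliteral"
    int n = render(out, outlen, filename);
#pragma GCC diagnostic pop
    return n;
}

/* Corrected pattern: constant format string, data passed as an argument. */
static int show_name_fixed(char *out, size_t outlen, const char *filename)
{
    return render(out, outlen, "%s", filename);
}

/* For the -Wformat= warnings: an unsigned long argument matches %lu. */
static int show_calls(char *out, size_t outlen, unsigned long nrofcalls)
{
    return render(out, outlen, "done. %lu calls read.", nrofcalls);
}

int main(void)
{
    char buf[128];
    const char *name = "/tmp/N0CALL-50%%.txt";   /* constructed sample name */
    show_name_flagged(buf, sizeof buf, name); puts(buf); /* name is altered */
    show_name_fixed(buf, sizeof buf, name);   puts(buf); /* name is intact  */
    show_calls(buf, sizeof buf, 3000000000UL); puts(buf);
    return 0;
}
```

With the flagged form the displayed name no longer matches the file on disk, because `%` sequences in the data are interpreted as directives; the `"%s"` form prints the bytes unchanged.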