Bug#997161: ecasound: FTBFS: ecasignalview.cpp:354:13: error: format not a string literal and no format arguments [-Werror=format-security]
- To: 997161@bugs.debian.org
- Subject: Bug#997161: ecasound: FTBFS: ecasignalview.cpp:354:13: error: format not a string literal and no format arguments [-Werror=format-security]
- From: Sven Joachim <svenjoac@gmx.de>
- Date: Sun, 28 Nov 2021 11:25:27 +0100
- Message-id: <8735ngh90o.fsf@turtle.gmx.de>
- Reply-to: Sven Joachim <svenjoac@gmx.de>, 997161@bugs.debian.org
- In-reply-to: <YXRdF6L2E0fgEHsQ@xanadu.blop.info> (Lucas Nussbaum's message of "Sat, 23 Oct 2021 21:05:59 +0200")
- References: <YXRdF6L2E0fgEHsQ@xanadu.blop.info> <YXRdF6L2E0fgEHsQ@xanadu.blop.info>
Control: forwarded -1 https://sourceforge.net/p/ecasound/bugs/54/
Control: tags -1 + patch
On 2021-10-23 21:05 +0200, Lucas Nussbaum wrote:
> Source: ecasound
> Version: 2.9.3-2
> Severity: serious
> Justification: FTBFS
> Tags: bookworm sid ftbfs
>
> Hi,
>
> During a rebuild of all packages in sid, your package failed to build
> on amd64.
>
>
> Relevant part (hopefully):
>> /bin/bash ../libtool --tag=CC --mode=link gcc -ffast-math
>> -fstrict-aliasing -DNDEBUG -DENABLE_DBC -g -O2
>> -ffile-prefix-map=/<<PKGBUILDDIR>>=. -fstack-protector-strong
>> -Wformat -Werror=format-security -Wl,-z,relro -o ecalength
>> ecalength.o ../libecasoundc/libecasoundc.la -lasound -ldl -lm
>> -lpthread
>> libtool: link: g++ -ffast-math -fstrict-aliasing -std=c++98 -DNDEBUG
>> -DENABLE_DBC -g -O2
>> -ffile-prefix-map=/<<PKGBUILDDIR>>=. -fstack-protector-strong
>> -Wformat -Werror=format-security -Wl,-z -Wl,relro -o
>> .libs/ecaconvert ecaconvert.o ecicpp_helpers.o
>> ../libecasoundc/.libs/libecasoundc.so ../kvutils/.libs/libkvutils.a
>> -lasound -ldl -lm -lpthread
>> ecasignalview.cpp: In function ‘void ecasv_output_init()’:
>> ecasignalview.cpp:354:13: error: format not a string literal and no format arguments [-Werror=format-security]
>> 354 | mvprintw(r++, 0, bar);
>> | ~~~~~~~~^~~~~~~~~~~~~
>> ecasignalview.cpp:360:13: error: format not a string literal and no format arguments [-Werror=format-security]
>> 360 | mvprintw(r++, 0, bar);
>> | ~~~~~~~~^~~~~~~~~~~~~
This has been reported upstream as well; the attached patch proposed
there looks correct and works for me.
Cheers,
Sven
From f2edef1f1e7b56f43ceea63f0d3024474f813b5d Mon Sep 17 00:00:00 2001
From: Sergei Trofimovich <slyich@gmail.com>
Date: Fri, 5 Nov 2021 23:26:19 +0000
Subject: [PATCH] ecasignalview.cpp: always use "%s"-style format for
printf()-style functions
`ncurses-6.3` added printf-style function attributes and now makes
it easier to catch cases when user input is used in place of format
string when built with CFLAGS=-Werror=format-security:
ecasignalview.cpp:360:13:
error: format not a string literal and no format arguments [-Werror=format-security]
360 | mvprintw(r++, 0, bar);
| ~~~~~~~~^~~~~~~~~~~~~
Let's wrap all the missing places with "%s" format.
---
ecatools/ecasignalview.cpp | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/ecatools/ecasignalview.cpp b/ecatools/ecasignalview.cpp
index ea56a138..7f3b765b 100644
--- a/ecatools/ecasignalview.cpp
+++ b/ecatools/ecasignalview.cpp
@@ -351,13 +351,13 @@ void ecasv_output_init(void)
ecasv_rate_msec, ecasv_buffersize, avg_length); */
++r;
const char* bar="------------------------------------------------------------------------------\n";
- mvprintw(r++, 0, bar);
+ mvprintw(r++, 0, "%s", bar);
mvprintw(r, 0, "channel");
if (ecasv_log_display_mode)
mvprintw(r++,38, "%s avg-peak dB max-peak dB clipped\n", ecasv_bar_buffer);
else
mvprintw(r++,38, "%s avg-peak max-peak clipped\n", ecasv_bar_buffer);
- mvprintw(r++, 0, bar);
+ mvprintw(r++, 0, "%s", bar);
memset(ecasv_bar_buffer, ' ', ecasv_bar_length_const - 4);
ecasv_bar_buffer[ecasv_bar_length_const - 4] = 0;
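Review bot: both changed calls (`mvprintw(r++, 0, "%s", bar);`) route the fixed string `bar` through a format only to print it verbatim; `mvaddstr(r++, 0, bar)` would say that directly and involve no format parsing at all. The change as written is correct and silences the diagnostic. Since `bar` is a `const char*` initialised from a literal two lines above, this is build hardening rather than a fix for externally controlled input, and the commit message could say so. The untouched `mvprintw(r, 0, "channel");` in the same hunk already passes a literal and needs no change.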
--
2.33.1
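What the warning guards against, as an added example that is not part of the original message or the ecasound patch: the same text rendered once as the format string and once as data behind a constant "%s". `row_printf`, `draw_as_format` and `draw_as_data` are hypothetical names, and `row_printf` is a buffer-based stand-in for `mvprintw()` carrying the same kind of printf format attribute.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for mvprintw(): formats into a row buffer instead of
 * a curses window. The attribute lets the compiler check argument 3 as a
 * printf format, which is what makes -Wformat-security fire on misuse. */
#if defined(__GNUC__)
__attribute__((format(printf, 3, 4)))
#endif
static int row_printf(char *row, size_t cap, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(row, cap, fmt, ap);
    va_end(ap);
    return n;
}

/* Pre-patch pattern: the text itself is the format string. The pragmas only
 * silence the diagnostic so this "before" case still compiles here. */
#if defined(__GNUC__)
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wformat-security"
#pragma GCC diagnostic ignored "-Wformat-nonliteral"
#endif
static int draw_as_format(char *row, size_t cap, const char *text)
{
    return row_printf(row, cap, text);
}
#if defined(__GNUC__)
#pragma GCC diagnostic pop
#endif

/* Patched pattern: constant "%s" format, text passed as data. */
static int draw_as_data(char *row, size_t cap, const char *text)
{
    return row_printf(row, cap, "%s", text);
}

int main(void)
{
    const char *text = "load 100%% ok";   /* constructed sample input */
    char a[32], b[32];
    draw_as_format(a, sizeof a, text);     /* "%%" is consumed as a directive */
    draw_as_data(b, sizeof b, text);       /* bytes are copied unchanged */
    printf("as format: [%s]\nas data:   [%s]\n", a, b);
    return 0;
}
```

The sample uses only `%%`, which consumes no arguments, so the format-string variant stays well defined while still showing that the output differs from the input.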