Bug#995624: pktstat FTBFS: error: format not a string literal and no format arguments [-Werror=format-security]
Control: tags -1 + patch
Am 03.10.2021 um 12:00 schrieb Helmut Grohne:
> Source: pktstat
> Version: 1.8.5-7
> Severity: serious
> Tags: ftbfs
>
> pktstat fails to build from source in unstable on amd64. A non-parallel
> build ends as follows:
>
> | gcc -DHAVE_CONFIG_H -I. -DPATH_PKTSTATRC=\"/etc/pktstatrc\" -Wdate-time -D_FORTIFY_SOURCE=2 -g -O2 -ffile-prefix-map=/<<PKGBUILDDIR>>=. -fstack-protector-strong -Wformat -Werror=format-security -Wall -pedantic -D_BSD_SOURCE -c -o display.o display.c
> | In file included from /usr/include/x86_64-linux-gnu/bits/libc-header-start.h:33,
> | from /usr/include/stdio.h:27,
> | from display.c:17:
> | /usr/include/features.h:187:3: warning: #warning "_BSD_SOURCE and _SVID_SOURCE are deprecated, use _DEFAULT_SOURCE" [-Wcpp]
> | 187 | # warning "_BSD_SOURCE and _SVID_SOURCE are deprecated, use _DEFAULT_SOURCE"
> | | ^~~~~~~
> | display.c: In function ‘display_update’:
> | display.c:499:33: warning: field width specifier ‘*’ expects
> | argument of type ‘int’, but argument 2 has type ‘long unsigned int’
> | [-Wformat=]
> | 499 | attron(A_UNDERLINE); printw("%-*s",
> | | ~~^~
> | | |
> | | int
> | display.c:552:13: warning: field precision specifier ‘.*’ expects
> | argument of type ‘int’, but argument 2 has type ‘long unsigned int’
> | [-Wformat=]
> | 552 | printw("%.*s\n", MIN(maxx - LLEN, sizeof flows[i].tag - 1),
> | | ~~^~
> | | |
> | | int
> | display.c:566:15: warning: field precision specifier ‘.*’ expects
> | argument of type ‘int’, but argument 2 has type ‘long unsigned int’
> | [-Wformat=]
> | 566 | printw(" %.*s\n", MIN(maxx - LLEN - 2,
> | | ~~^~
> | | |
> | | int
> | display.c:285:21: warning: variable ‘x’ set but not used [-Wunused-but-set-variable]
> | 285 | int maxx, maxy, y, x;
> | | ^
> | display.c: In function ‘printhelp’:
> | display.c:672:3: error: format not a string literal and no format arguments [-Werror=format-security]
> | 672 | printw((char *)h->name + 1);
> | | ^~~~~~
> | cc1: some warnings being treated as errors
> | make[2]: *** [Makefile:483: display.o] Error 1
> | make[2]: Leaving directory '/<<PKGBUILDDIR>>'
> | make[1]: *** [Makefile:339: all] Error 2
> | make[1]: Leaving directory '/<<PKGBUILDDIR>>'
> | dh_auto_build: error: make -j1 returned exit code 2
> | make: *** [debian/rules:11: build] Error 25
> | dpkg-buildpackage: error: debian/rules build subprocess returned exit status 2
>
> This is likely due to ncurses including format string annotations.
Indeed. The fix for the error is quite simple, add "%s" as first
argument in the printw call. Patch for that attached, although the
warnings might also be worth a look.
From f3368493fe0365f7f37064fb0ae5fd1fba50fc36 Mon Sep 17 00:00:00 2001
From: Sven Joachim <svenjoac@gmx.de>
Date: Thu, 14 Oct 2021 19:40:32 +0200
Subject: [PATCH] Fix format string error with recent ncurses
---
display.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/display.c b/display.c
index 2ff4c11..16b1b68 100644
--- a/display.c
+++ b/display.c
@@ -669,7 +669,7 @@ printhelp()
attron(A_REVERSE);
printw("%c", h->name[0]);
attroff(A_UNDERLINE);
- printw((char *)h->name + 1);
+ printw("%s", (char *)h->name + 1);
attrset(0);
printw(" ");
}
--
2.33.0
Reply to: