GNOME Bugzilla – Bug 660841
build failure with [-Werror=format-security]
Last modified: 2011-10-13 02:21:43 UTC
Building anjuta on Debian (where -Werror=format-security is now enabled by default) results in a build failure: > /bin/bash ../../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I../.. -Wall -Wmissing-prototypes -Wnested-externs -Wpointer-arith -Wno-sign-compare -pthread -DGSEAL_ENABLE -I/usr/include/atk-1.0 -I/usr/include/gdk-pixbuf-2.0 -I/usr/include/pango-1.0 -I/usr/include/pixman-1 -I/usr/include/freetype2 -I/usr/include/libpng12 -I/usr/include/glib-2.0 -I/usr/lib/glib-2.0/include -I/usr/include/gtk-3.0 -I/usr/include/cairo -I/usr/include/gio-unix-2.0/ -DGSEAL_ENABLE -pthread -I/usr/include/atk-1.0 -I/usr/include/gdk-pixbuf-2.0 -I/usr/include/pango-1.0 -I/usr/include/pixman-1 -I/usr/include/freetype2 -I/usr/include/libpng12 -I/usr/include/libgdl-3.0 -I/usr/include/gtk-3.0 -I/usr/include/libxml2 -I/usr/include/cairo -I/usr/include/gio-unix-2.0/ -I/usr/include/glib-2.0 -I/usr/lib/glib-2.0/include -I../.. -I../../libanjuta -DPACKAGE_PIXMAPS_DIR=\""/usr/share/pixmaps/anjuta"\" -DPACKAGE_LIB_DIR=\""/usr/lib/anjuta"\" -DPACKAGE_DATA_DIR=\""/usr/share/anjuta"\" -DG_LOG_DOMAIN=\"am-project\" -Wall -Wmissing-prototypes -Wnested-externs -Wpointer-arith -Wno-sign-compare -g -O2 -fstack-protector --param=ssp-buffer-size=4 -D_FORTIFY_SOURCE=2 -Wformat -Wformat-security -Werror=format-security -Wall -c -o am-project.lo am-project.c > libtool: compile: gcc -DHAVE_CONFIG_H -I. -I../.. -Wall -Wmissing-prototypes -Wnested-externs -Wpointer-arith -Wno-sign-compare -pthread -DGSEAL_ENABLE -I/usr/include/atk-1.0 -I/usr/include/gdk-pixbuf-2.0 -I/usr/include/pango-1.0 -I/usr/include/pixman-1 -I/usr/include/freetype2 -I/usr/include/libpng12 -I/usr/include/glib-2.0 -I/usr/lib/glib-2.0/include -I/usr/include/gtk-3.0 -I/usr/include/cairo -I/usr/include/gio-unix-2.0/ -DGSEAL_ENABLE -pthread -I/usr/include/atk-1.0 -I/usr/include/gdk-pixbuf-2.0 -I/usr/include/pango-1.0 -I/usr/include/pixman-1 -I/usr/include/freetype2 -I/usr/include/libpng12 -I/usr/include/libgdl-3.0 -I/usr/include/gtk-3.0 -I/usr/include/libxml2 -I/usr/include/cairo -I/usr/include/gio-unix-2.0/ -I/usr/include/glib-2.0 -I/usr/lib/glib-2.0/include -I../.. -I../../libanjuta -DPACKAGE_PIXMAPS_DIR=\"/usr/share/pixmaps/anjuta\" -DPACKAGE_LIB_DIR=\"/usr/lib/anjuta\" -DPACKAGE_DATA_DIR=\"/usr/share/anjuta\" -DG_LOG_DOMAIN=\"am-project\" -Wall -Wmissing-prototypes -Wnested-externs -Wpointer-arith -Wno-sign-compare -g -O2 -fstack-protector --param=ssp-buffer-size=4 -D_FORTIFY_SOURCE=2 -Wformat -Wformat-security -Werror=format-security -Wall -c am-project.c -fPIC -DPIC -o .libs/am-project.o > am-project.c: In function 'amp_project_load_root': > am-project.c:1600:7: error: format not a string literal and no format arguments [-Werror=format-security] > am-project.c: At top level: > am-project.c:408:1: warning: 'ac_init_default_tarname' defined but not used [-Wunused-function] > cc1: some warnings being treated as errors > > make[5]: *** [am-project.lo] Error 1 Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=643351
It also fails at: /bin/bash ../../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I../.. -Wall -Wmissing-prototypes -Wnested-externs -Wpointer-arith -Wno-sign-compare -I/usr/include/libxml2 -pthread -DGSEAL_ENABLE -I/usr/include/atk-1.0 -I/usr/include/gdk-pixbuf-2.0 -I/usr/include/pango-1.0 -I/usr/include/pixman-1 -I/usr/include/freetype2 -I/usr/include/libpng12 -I/usr/include/glib-2.0 -I/usr/lib/glib-2.0/include -I/usr/include/gtk-3.0 -I/usr/include/cairo -I/usr/include/gio-unix-2.0/ -DGSEAL_ENABLE -pthread -I/usr/include/atk-1.0 -I/usr/include/gdk-pixbuf-2.0 -I/usr/include/pango-1.0 -I/usr/include/pixman-1 -I/usr/include/freetype2 -I/usr/include/libpng12 -I/usr/include/libgdl-3.0 -I/usr/include/gtk-3.0 -I/usr/include/libxml2 -I/usr/include/cairo -I/usr/include/gio-unix-2.0/ -I/usr/include/glib-2.0 -I/usr/lib/glib-2.0/include -I../.. -I../../libanjuta -DPACKAGE_PIXMAPS_DIR=\""/usr/share/pixmaps/anjuta"\" -DPACKAGE_LIB_DIR=\""/usr/lib/anjuta"\" -DPACKAGE_DATA_DIR=\""/usr/share/anjuta"\" -DG_LOG_DOMAIN=\"mk-project\" -Wall -Wmissing-prototypes -Wnested-externs -Wpointer-arith -Wno-sign-compare -g -O2 -fstack-protector --param=ssp-buffer-size=4 -D_FORTIFY_SOURCE=2 -Wformat -Wformat-security -Werror=format-security -Wall -c -o mk-project.lo mk-project.c libtool: compile: gcc -DHAVE_CONFIG_H -I. -I../.. -Wall -Wmissing-prototypes -Wnested-externs -Wpointer-arith -Wno-sign-compare -I/usr/include/libxml2 -pthread -DGSEAL_ENABLE -I/usr/include/atk-1.0 -I/usr/include/gdk-pixbuf-2.0 -I/usr/include/pango-1.0 -I/usr/include/pixman-1 -I/usr/include/freetype2 -I/usr/include/libpng12 -I/usr/include/glib-2.0 -I/usr/lib/glib-2.0/include -I/usr/include/gtk-3.0 -I/usr/include/cairo -I/usr/include/gio-unix-2.0/ -DGSEAL_ENABLE -pthread -I/usr/include/atk-1.0 -I/usr/include/gdk-pixbuf-2.0 -I/usr/include/pango-1.0 -I/usr/include/pixman-1 -I/usr/include/freetype2 -I/usr/include/libpng12 -I/usr/include/libgdl-3.0 -I/usr/include/gtk-3.0 -I/usr/include/libxml2 -I/usr/include/cairo -I/usr/include/gio-unix-2.0/ -I/usr/include/glib-2.0 -I/usr/lib/glib-2.0/include -I../.. -I../../libanjuta -DPACKAGE_PIXMAPS_DIR=\"/usr/share/pixmaps/anjuta\" -DPACKAGE_LIB_DIR=\"/usr/lib/anjuta\" -DPACKAGE_DATA_DIR=\"/usr/share/anjuta\" -DG_LOG_DOMAIN=\"mk-project\" -Wall -Wmissing-prototypes -Wnested-externs -Wpointer-arith -Wno-sign-compare -g -O2 -fstack-protector --param=ssp-buffer-size=4 -D_FORTIFY_SOURCE=2 -Wformat -Wformat-security -Werror=format-security -Wall -c mk-project.c -fPIC -DPIC -o .libs/mk-project.o mk-project.c: In function 'project_load_makefile': mk-project.c:491:7: error: format not a string literal and no format arguments [-Werror=format-security] mk-project.c: At top level: mk-project.c:243:1: warning: 'mkp_target_get_token' defined but not used [-Wunused-function] cc1: some warnings being treated as errors make[3]: *** [mk-project.lo] Error 1 make[3]: Target `all' not remade because of errors. make[3]: Leaving directory `/home/michael/git/anjuta/plugins/mk-project'
Created attachment 198165 [details] [review] Fix string-format vulnerability by using g_set_error_literal ()
Created attachment 198166 [details] [review] Fix format string vulnerability by using g_set_error_literal ()
Thanks, http://git.gnome.org/browse/anjuta/commit/?id=fa547401997c3fecb1ef500d3b496ceeb413a0e2 Sorry for not merging it in gnome-3-2 but that would require a string-free break and that's kind of not worth it.
Well, sorry, it doesn't. Wasn't paying much attention...