[GRASS-dev] [GRASS-SVN] r52607 - grass/trunk/raster/r.lake

Markus Neteler neteler at osgeo.org
Fri Aug 10 00:28:43 PDT 2012


On Fri, Aug 10, 2012 at 7:45 AM, Maris Nartiss <maris.gis at gmail.com> wrote:
> Hello,
> just to clarify.
> It's not a GCC bug but a valid warning of an exploitable issue:
> http://en.wikipedia.org/wiki/Uncontrolled_format_string
> Still for most of GRASS codebase it's harmless as strings are fixed
> and not user provided.
> Those, who don't see any warnings, should try CFLAGS="-Wall -Wformat
> -Wno-format-extra-args -Wformat-security -Wformat-nonliteral
> -Wformat=2" make

You can also use "pscan" (comes with Debian, Fedora, ...):

[neteler at north grass70]$ find . -name '*.c' | xargs pscan | wc -l
122

Random examples of pscan output:

./lib/gis/datum.c:115 SECURITY: sprintf call should have "%s" as argument 1
./lib/gis/datum.c:120 SECURITY: sprintf call should have "%s" as argument 1
./lib/gis/view.c:465 SECURITY: fprintf call should have "%s" as argument 1

Markus
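As an added illustration (example code written for this page, not GRASS code and not pscan's own source), here is a small line-oriented checker that applies the same rule pscan reports above: for each printf-family call, locate the format argument and flag it when it is not a string literal. The function table, the argument positions, the constructed sample source and the identifiers `name`, `msg`, `fmt` in it are assumptions of the example. It understands neither comments nor macros, so as with pscan every hit still needs a human to decide whether the non-literal format is a fixed string (harmless, as Maris says) or user-provided data (an uncontrolled format string).

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* printf-family calls and the 1-based position of their format argument
 * (pscan's table is longer; these four are enough to illustrate the rule). */
struct fmt_fn { const char *name; int fmt_arg; };
static const struct fmt_fn FMT_FNS[] = {
    { "printf", 1 }, { "fprintf", 2 }, { "sprintf", 2 }, { "snprintf", 3 },
};

/* Start of the n-th (1-based) top-level argument of the call whose '(' is
 * at `open`, or NULL if there is no such argument.  Parentheses and string
 * literals are tracked so commas inside them are not argument separators. */
static const char *nth_argument(const char *open, int n) {
    const char *p = open + 1;
    int depth = 0, argno = 1;
    for (; *p; p++) {
        if (argno == n && !isspace((unsigned char)*p))
            return (*p == ')') ? NULL : p;     /* ')' here: no such argument */
        if (*p == '"') {                       /* skip over a string literal */
            for (p++; *p && *p != '"'; p++)
                if (*p == '\\' && p[1]) p++;
            if (!*p) return NULL;
        } else if (*p == '(') {
            depth++;
        } else if (*p == ')') {
            if (depth == 0) return NULL;
            depth--;
        } else if (*p == ',' && depth == 0) {
            argno++;
        }
    }
    return NULL;
}

/* Scan one source line.  Returns the 1-based format-argument position of a
 * printf-family call whose format is not a string literal, or 0 if every
 * call on the line uses a literal format.  The offending function name is
 * copied into `which` when it is non-NULL. */
int check_line(const char *line, char *which, size_t which_len) {
    for (size_t i = 0; i < sizeof FMT_FNS / sizeof FMT_FNS[0]; i++) {
        const char *name = FMT_FNS[i].name;
        size_t len = strlen(name);
        for (const char *s = line; (s = strstr(s, name)) != NULL; s += len) {
            /* identifier boundary on the left: "printf" inside "fprintf" or
             * "vsprintf" belongs to a different function, so no match */
            if (s > line && (isalnum((unsigned char)s[-1]) || s[-1] == '_'))
                continue;
            const char *open = s + len;
            while (isspace((unsigned char)*open)) open++;
            if (*open != '(')
                continue;                      /* not a call */
            const char *arg = nth_argument(open, FMT_FNS[i].fmt_arg);
            if (arg && *arg != '"') {          /* format is not a literal */
                if (which) snprintf(which, which_len, "%s", name);
                return FMT_FNS[i].fmt_arg;
            }
        }
    }
    return 0;
}

/* Run check_line over every line of `src` (a whole file as one string),
 * printing pscan-style findings tagged with `fname`.  Returns the count. */
int scan_source(const char *src, const char *fname) {
    char line[512], fn[32];
    int lineno = 0, findings = 0;
    const char *p = src;
    while (*p) {
        const char *nl = strchr(p, '\n');
        size_t len = nl ? (size_t)(nl - p) : strlen(p);
        if (len >= sizeof line) len = sizeof line - 1;
        memcpy(line, p, len);
        line[len] = '\0';
        lineno++;
        int pos = check_line(line, fn, sizeof fn);
        if (pos) {
            printf("%s:%d SECURITY: %s call should have \"%%s\" as argument %d\n",
                   fname, lineno, fn, pos);
            findings++;
        }
        p = nl ? nl + 1 : p + len;
    }
    return findings;
}

/* Constructed sample source (not real GRASS code) in the shape pscan
 * complains about; `name`, `msg` and `fmt` stand for non-literal strings. */
static const char SAMPLE[] =
    "    sprintf(buf, name);\n"                  /* flagged: data used as format */
    "    sprintf(buf, \"%s\", name);\n"          /* ok: literal format, data as arg */
    "    fprintf(stderr, msg);\n"                /* flagged */
    "    fprintf(stderr, \"%s\\n\", msg);\n"     /* ok */
    "    snprintf(buf, sizeof(buf), fmt, x);\n"  /* flagged: what -Wformat-nonliteral warns on */
    "    printf(\"%d items\\n\", n);\n";         /* ok */

int main(void) {
    int n = scan_source(SAMPLE, "sample.c");
    printf("%d finding(s)\n", n);
    return 0;
}
```

The fix the checker implies is always the same shape: turn `sprintf(buf, name)` into `sprintf(buf, "%s", name)`, so the format is a literal the compiler can check and the data can never be interpreted as directives.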

