[GRASS-dev] Fwd: [Bug 1037102] New: grass FTBFS if "-Werror=format-security" flag is used
Maris Nartiss
maris.gis at gmail.com
Wed Dec 4 03:44:12 PST 2013
Easy. Do not use -Werror=format-security flag.
See this thread for details:
http://lists.osgeo.org/pipermail/grass-dev/2012-August/059157.html
Maris.
2013/12/3 Markus Neteler <neteler at osgeo.org>:
> Hi,
>
> with the security flag ("-Werror=format-security") enabled, GRASS
> fails to build.
> How to deal with this kind of error? I could then apply it elsewhere:
>
> cd lib/gis/
> make
> ...
> null_val.c: In function ‘InitError’:
> null_val.c:115:5: error: format not a string literal and no format
> arguments [-Werror=format-security]
> G_fatal_error(errMsg);
>
> cd vector/v.vol.rst
> main.c: In function ‘main’:
> main.c:587:2: error: format not a string literal and no format
> arguments [-Werror=format-security]
> G_debug(1, db_get_string(&sql));
> ^
> cc1: some warnings being treated as errors
>
> and so on.
>
> thanks
> Markus
>
>
> ---------- Forwarded message ----------
> From: <bugzilla at redhat.com>
> Date: Tue, Dec 3, 2013 at 4:08 AM
> Subject: [Bug 1037102] New: grass FTBFS if "-Werror=format-security"
> flag is used
>
> https://bugzilla.redhat.com/show_bug.cgi?id=1037102
> Bug ID: 1037102
> Summary: grass FTBFS if "-Werror=format-security" flag is used
> Product: Fedora
> Version: rawhide
> Component: grass
> ...
>
> Description of problem
> ----------------------
>
> grass fails to build if "-Werror=format-security" flag is used.
> ...
>
> a2b.c:103:3: error: format not a string literal and no format arguments
> [-Werror=format-security]
> a2b.c:136:3: error: format not a string literal and no format arguments
> [-Werror=format-security]
> a2b.c:154:3: error: format not a string literal and no format arguments
> [-Werror=format-security]
> a2b.c:172:6: error: format not a string literal and no format arguments
> [-Werror=format-security]
>
> ...
>
> We are working on a proposal to enable "-Werror=format-security" for all
> packages. Once this flag is enabled, GCC will refuse to compile code that could
> be vulnerable to a string format security flaw. For more details, please see
> https://fedorahosted.org/fesco/ticket/1185 page.
>
> To understand why it is important to fix this, please see
> https://fedoraproject.org/wiki/Format-Security-FAQ page.
>
> How to fix this
> ---------------
>
> The fix for these errors is quite simple. It's a matter of changing a
> line like,
>
> printf(foo);
>
> to read,
>
> printf("%s", foo);
>
> That's it.
>
> Please fix this issue in rawhide with a patch (which you should submit
> to upstream to merge moving forward). Please do a new build with the
> fix in rawhide. Other releases do not need to be directly fixed, but
> there should be no harm in pushing out this fix/patch with other needed
> changes to those branches.
>
> In the event you don't fix this bug before the next mass rebuild,
> provenpackagers may step in and update your package(s) to fix this
> issue.
>
> How reproducible
> ----------------
>
> Build grass-6.4.3-5.fc21.src.rpm with "-Werror=format-security" flag to
> reproduce the problem.
>
> To make this process easier, you can use a modified "redhat-rpm-config" package
> from http://people.fedoraproject.org/~halfie/artifacts/redhat-rpm-config/ URL.
>
> $ sha256sum redhat-rpm-config-9.1.0-56.fc20.*
> faad7594b2080fe76497d0ce50808c905a93dd7b41c1defdde5ca57e3833d3d2
> redhat-rpm-config-9.1.0-56.fc20.noarch.rpm
> 5aa9357174305c7285ffdbc92d7ffe1c07a8a95d5459b930461308f5aad75413
> redhat-rpm-config-9.1.0-56.fc20.src.rpm
> _______________________________________________
> grass-dev mailing list
> grass-dev at lists.osgeo.org
> http://lists.osgeo.org/mailman/listinfo/grass-dev
More information about the grass-dev
mailing list