Control: tags -1 + patch bookworm sid
Am 19.09.2021 um 09:13 schrieb Helmut Grohne:
> Source: gdisk
> Version: 1.0.8-3
> Severity: serious
> Tags: ftbfs
>
>
> gdisk fails to build from source in unstable on amd64. A build ends as
> follows:
>
> | x86_64-linux-gnu-g++ -g -O2
> | -ffile-prefix-map=/<<PKGBUILDDIR>>=. -fstack-protector-strong
> | -Wformat -Werror=format-security -Wall -D_FILE_OFFSET_BITS=64
> | -Wdate-time -D_FORTIFY_SOURCE=2 -c -o gptcurses.o gptcurses.cc
> | gptcurses.cc: In member function ‘Space* GPTDataCurses::ShowSpace(int,
> int)’:
> | gptcurses.cc:242:87: error: format not a string literal and no format
> arguments [-Werror=format-security]
> | 242 | printw(BytesToIeee((space->lastLBA - space->firstLBA + 1),
> blockSize).c_str());
> | |
> ^
> | gptcurses.cc:249:87: error: format not a string literal and no format
> arguments [-Werror=format-security]
> | 249 | printw(BytesToIeee((space->lastLBA - space->firstLBA + 1),
> blockSize).c_str());
> | |
> ^
> | gptcurses.cc:251:55: error: format not a string literal and no format
> arguments [-Werror=format-security]
> | 251 | printw(space->origPart->GetTypeName().c_str());
> | | ^
> | gptcurses.cc:257:58: error: format not a string literal and no format
> arguments [-Werror=format-security]
> | 257 | printw(space->origPart->GetDescription().c_str());
> | | ^
> | gptcurses.cc: In member function ‘int GPTDataCurses::DisplayParts(int)’:
> | gptcurses.cc:274:26: error: format not a string literal and no format
> arguments [-Werror=format-security]
> | 274 | printw(theLine.c_str());
> | | ^
> | gptcurses.cc:277:26: error: format not a string literal and no format
> arguments [-Werror=format-security]
> | 277 | printw(theLine.c_str());
> | | ^
> | gptcurses.cc: In member function ‘void GPTDataCurses::ShowInfo(int)’:
> | gptcurses.cc:336:29: warning: format ‘%lld’ expects argument of type
> | ‘long long int’, but argument 2 has type ‘uint64_t’ {aka ‘long
> | unsigned int’} [-Wformat=]
> | 336 | printw("First sector: %lld (at %s)\n",
> partitions[partNum].GetFirstLBA(),
> | | ~~~^
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> | | |
> |
> | | long long int
> uint64_t {aka long unsigned int}
> | | %ld
> | gptcurses.cc:338:28: warning: format ‘%lld’ expects argument of type
> | ‘long long int’, but argument 2 has type ‘uint64_t’ {aka ‘long
> | unsigned int’} [-Wformat=]
> | 338 | printw("Last sector: %lld (at %s)\n",
> partitions[partNum].GetLastLBA(),
> | | ~~~^
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> | | |
> |
> | | long long int
> uint64_t {aka long unsigned int}
> | | %ld
> | gptcurses.cc:341:31: warning: format ‘%lld’ expects argument of type
> | ‘long long int’, but argument 2 has type ‘uint64_t’ {aka ‘long
> | unsigned int’} [-Wformat=]
> | 341 | printw("Partition size: %lld sectors (%s)\n", size,
> BytesToIeee(size, blockSize).c_str());
> | | ~~~^ ~~~~
> | | | |
> | | long long int uint64_t {aka long
> unsigned int}
> | | %ld
> | gptcurses.cc:342:33: warning: format ‘%x’ expects argument of type
> | ‘unsigned int’, but argument 2 has type ‘uint64_t’ {aka ‘long
> | unsigned int’} [-Wformat=]
> | 342 | printw("Attribute flags: %016x\n",
> partitions[partNum].GetAttributes().GetAttributes());
> | | ~~~~^
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> | | |
> |
> | | unsigned int uint64_t {aka
> | | long unsigned int}
> | | %016lx
> | gptcurses.cc: In member function ‘void GPTDataCurses::MakeNewPart()’:
> | gptcurses.cc:444:32: warning: format ‘%lld’ expects argument of type
> | ‘long long int’, but argument 2 has type ‘uint64_t’ {aka ‘long
> | unsigned int’} [-Wformat=]
> | 444 | printw("First sector (%lld-%lld, default = %lld): ",
> newFirstLBA, currentSpace->lastLBA, newFirstLBA);
> | | ~~~^
> ~~~~~~~~~~~
> | | | |
> | | long long int uint64_t
> {aka long unsigned int}
> | | %ld
> | gptcurses.cc:444:37: warning: format ‘%lld’ expects argument of type
> | ‘long long int’, but argument 3 has type ‘uint64_t’ {aka ‘long
> | unsigned int’} [-Wformat=]
> | 444 | printw("First sector (%lld-%lld, default = %lld): ",
> newFirstLBA, currentSpace->lastLBA, newFirstLBA);
> | | ~~~^
> ~~~~~~~~~~~~~~~~~~~~~
> | | |
> |
> | | long long int uint64_t
> | | {aka long unsigned int}
> | | %ld
> | gptcurses.cc:444:53: warning: format ‘%lld’ expects argument of type
> | ‘long long int’, but argument 4 has type ‘uint64_t’ {aka ‘long
> | unsigned int’} [-Wformat=]
> | 444 | printw("First sector (%lld-%lld, default = %lld): ",
> newFirstLBA, currentSpace->lastLBA, newFirstLBA);
> | | ~~~^
> ~~~~~~~~~~~
> | | |
> |
> | | long long int
> | | uint64_t {aka long unsigned int}
> | | %ld
> | gptcurses.cc:455:56: warning: format ‘%lld’ expects argument of type
> | ‘long long int’, but argument 2 has type ‘uint64_t’ {aka ‘long
> | unsigned int’} [-Wformat=]
> | 455 | printw("Size in sectors or {KMGTP} (default = %lld): ", size);
> | | ~~~^ ~~~~
> | | | |
> | | |
> uint64_t {aka long unsigned int}
> | | long long int
> | | %ld
> | gptcurses.cc: In member function ‘void GPTDataCurses::DisplayOptions(char)’:
> | gptcurses.cc:639:32: error: format not a string literal and no format
> arguments [-Werror=format-security]
> | 639 | printw(optionDesc.c_str());
> | | ^
> | gptcurses.cc: In member function ‘void GPTDataCurses::DrawMenu()’:
> | gptcurses.cc:751:24: error: format not a string literal and no format
> arguments [-Werror=format-security]
> | 751 | printw(title.c_str());
> | | ^
> | gptcurses.cc:753:24: error: format not a string literal and no format
> arguments [-Werror=format-security]
> | 753 | printw(drive.c_str());
> | | ^
> | gptcurses.cc:755:29: error: format not a string literal and no format
> arguments [-Werror=format-security]
> | 755 | printw(size.str().c_str());
> | | ^
> | gptcurses.cc: In function ‘void Report(std::string)’:
> | gptcurses.cc:805:26: error: format not a string literal and no format
> arguments [-Werror=format-security]
> | 805 | printw(theText.c_str());
> | | ^
> | cc1plus: some warnings being treated as errors
> | make[2]: *** [<builtin>: gptcurses.o] Error 1
> | make[2]: Leaving directory '/<<PKGBUILDDIR>>'
> | dh_auto_build: error: make -j1 "INSTALL=install --strip-program=true"
> CXX=x86_64-linux-gnu-g\+\+ returned exit code 2
> | make[1]: *** [debian/rules:17: override_dh_auto_build] Error 25
> | make[1]: Leaving directory '/<<PKGBUILDDIR>>'
> | make: *** [debian/rules:30: binary] Error 2
> | dpkg-buildpackage: error: debian/rules binary subprocess returned exit
> status 2
>
> Very likely, this is due to the recent ncurses upload which improved
> security annotations of function declarations.
Indeed, that had been requested in #993179. The solution is to add "%s"
as the first argument to the printw call in all these cases, so that the
string is printed as data rather than interpreted as a format string;
see the attached patch.
From 9fdc28cecc648ba4487109153b054dce72594160 Mon Sep 17 00:00:00 2001
From: Sven Joachim <[email protected]>
Date: Wed, 13 Oct 2021 17:21:14 +0200
Subject: [PATCH] Fix string format errors with recent ncurses
---
gptcurses.cc | 22 +++++++++++-----------
1 file changed, 11 insertions(+), 11 deletions(-)
diff --git a/gptcurses.cc b/gptcurses.cc
index 1fbaad2..b9402cd 100644
--- a/gptcurses.cc
+++ b/gptcurses.cc
@@ -239,22 +239,22 @@ Space* GPTDataCurses::ShowSpace(int spaceNum, int lineNum) {
ClearLine(lineNum);
if (space->partNum == -1) { // space is empty
move(lineNum, 12);
- printw(BytesToIeee((space->lastLBA - space->firstLBA + 1), blockSize).c_str());
+ printw("%s", BytesToIeee((space->lastLBA - space->firstLBA + 1), blockSize).c_str());
move(lineNum, 24);
printw("free space");
} else { // space holds a partition
move(lineNum, 3);
printw("%d", space->partNum + 1);
move(lineNum, 12);
- printw(BytesToIeee((space->lastLBA - space->firstLBA + 1), blockSize).c_str());
+ printw("%s", BytesToIeee((space->lastLBA - space->firstLBA + 1), blockSize).c_str());
move(lineNum, 24);
- printw(space->origPart->GetTypeName().c_str());
+ printw("%s", space->origPart->GetTypeName().c_str());
move(lineNum, 50);
#ifdef USE_UTF16
space->origPart->GetDescription().extract(0, 39, temp, 39);
printw(temp);
#else
- printw(space->origPart->GetDescription().c_str());
+ printw("%s", space->origPart->GetDescription().c_str());
#endif
} // if/else
} // if
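Review bot: The `printw(temp);` call in the `#ifdef USE_UTF16` branch is left unchanged, so a build with that macro defined still passes the partition description to printw as the format string. The build log on this page did not flag it, presumably because USE_UTF16 was not defined in that build. The description appears to come from the partition entry on disk, so any `%` in it would be interpreted as a conversion. Change it to `printw("%s", temp);` to match the `#else` branch; this assumes temp is a char buffer, since its declaration is outside the hunk. ShowSpace begins and ends outside this hunk.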
@@ -271,10 +271,10 @@ int GPTDataCurses::DisplayParts(int selected) {
move(lineNum++, 0);
theLine = "Part. # Size Partition Type Partition Name";
- printw(theLine.c_str());
+ printw("%s", theLine.c_str());
move(lineNum++, 0);
theLine = "----------------------------------------------------------------";
- printw(theLine.c_str());
+ printw("%s", theLine.c_str());
numToShow = LINES - RESERVED_TOP - RESERVED_BOTTOM;
pageNum = selected / numToShow;
for (i = pageNum * numToShow; i <= (pageNum + 1) * numToShow - 1; i++) {
@@ -636,7 +636,7 @@ void GPTDataCurses::DisplayOptions(char selectedKey) {
} // if/else
} // for
move(LINES - 1, (COLS - optionDesc.length()) / 2);
- printw(optionDesc.c_str());
+ printw("%s", optionDesc.c_str());
currentKey = selectedKey;
} // if
} // GPTDataCurses::DisplayOptions()
@@ -748,11 +748,11 @@ void GPTDataCurses::DrawMenu(void) {
clear();
move(0, (COLS - title.length()) / 2);
- printw(title.c_str());
+ printw("%s", title.c_str());
move(2, (COLS - drive.length()) / 2);
- printw(drive.c_str());
+ printw("%s", drive.c_str());
move(3, (COLS - size.str().length()) / 2);
- printw(size.str().c_str());
+ printw("%s", size.str().c_str());
DisplayParts(currentSpaceNum);
} // DrawMenu
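Review bot: The centering arithmetic in the `move()` calls next to the changed lines mixes the int `COLS` with an unsigned `length()`, so `COLS - drive.length()` wraps instead of going negative when the string is wider than the terminal. The column passed to move() is then an unrelated value, move() most likely fails, and the text is printed wherever the cursor was left. The same pattern appears in the DisplayOptions hunk at `move(LINES - 1, (COLS - optionDesc.length()) / 2);`. Doing the subtraction in int and clamping at zero would avoid this, e.g. `move(2, std::max(0, (COLS - static_cast<int>(drive.length())) / 2));`. The start of DrawMenu is outside the hunk, so the types of title, drive and size are inferred from their use here.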
@@ -802,7 +802,7 @@ void PromptToContinue(void) {
void Report(string theText) {
clear();
move(0, 0);
- printw(theText.c_str());
+ printw("%s", theText.c_str());
move(LINES - 2, (COLS - 29) / 2);
printw("Press any key to continue....");
cbreak();
--
2.33.0