On Fri, Aug 10, 2012 at 7:45 AM, Maris Nartiss <[email protected]> wrote:
> Hello,
> just to clarify.
> It's not a GCC bug but a valid warning of an exploitable issue:
> http://en.wikipedia.org/wiki/Uncontrolled_format_string
> Still for most of GRASS codebase it's harmless as strings are fixed
> and not user provided.
> Those, who don't see any warnings, should try CFLAGS="-Wall -Wformat
> -Wno-format-extra-args -Wformat-security -Wformat-nonliteral
> -Wformat=2" make
You can also use "pscan" (comes with Debian, Fedora, ...):

[neteler@north grass70]$ find . -name '*.c' | xargs pscan | wc -l
122

Random examples of pscan output:

./lib/gis/datum.c:115 SECURITY: sprintf call should have "%s" as argument 1
./lib/gis/datum.c:120 SECURITY: sprintf call should have "%s" as argument 1
./lib/gis/view.c:465 SECURITY: fprintf call should have "%s" as argument 1

Markus

_______________________________________________
grass-dev mailing list
[email protected]
http://lists.osgeo.org/mailman/listinfo/grass-dev
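Added illustration for the two points in this thread (not code from the thread, from pscan, or from GRASS): the call shape that -Wformat-security and pscan accept (a literal format with user text passed as "%s" data), and a small pscan-style line checker that reports a printf-family call whose format argument is not a string literal. Function names, the sample source lines, and the treatment of a gettext-style wrapper as "not a literal" are this example's own assumptions.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* The safe shape: the format is a fixed literal and user text travels as
 * "%s" data, so a '%' inside it is copied, never interpreted.
 * Returns the length snprintf reports. */
int log_message_safe(char *dst, size_t dstlen, const char *user_text)
{
    return snprintf(dst, dstlen, "%s", user_text);
}

/* Calls the checker knows, and which argument (0-based) is the format:
 * printf(fmt, ...), fprintf(stream, fmt, ...), sprintf(buf, fmt, ...),
 * snprintf(buf, size, fmt, ...). (Assumed subset, not pscan's real table.) */
static const struct { const char *name; int fmt_index; } calls[] = {
    { "printf", 0 }, { "fprintf", 1 }, { "sprintf", 1 }, { "snprintf", 2 }
};

/* Returns a pointer just past "name(" for a call whose name starts at an
 * identifier boundary (so "printf" does not match inside "sprintf"),
 * or NULL if the line has no such call. */
static const char *find_call(const char *line, const char *name)
{
    size_t n = strlen(name);
    const char *p = line;
    while ((p = strstr(p, name)) != NULL) {
        int boundary = (p == line) ||
                       !(isalnum((unsigned char)p[-1]) || p[-1] == '_');
        if (boundary && p[n] == '(')
            return p + n + 1;
        p += 1;
    }
    return NULL;
}

/* Advance from the start of the argument list to the start of argument
 * `index` (0-based), honouring nested parentheses and string literals.
 * Returns NULL if the argument does not exist. */
static const char *nth_arg(const char *args, int index)
{
    int depth = 0, in_str = 0;
    const char *p = args;
    while (*p && index > 0) {
        if (in_str) {
            if (*p == '\\' && p[1]) p++;        /* skip escaped char */
            else if (*p == '"') in_str = 0;
        } else if (*p == '"') in_str = 1;
        else if (*p == '(') depth++;
        else if (*p == ')') { if (depth == 0) return NULL; depth--; }
        else if (*p == ',' && depth == 0) index--;
        p++;
    }
    while (isspace((unsigned char)*p)) p++;
    return *p ? p : NULL;
}

/* pscan-style check of one source line.
 *  1: format argument is a string literal (nothing to report)
 *  0: format argument is not a literal -> report it
 * -1: no checked call on this line */
int check_format_call(const char *line)
{
    for (size_t i = 0; i < sizeof calls / sizeof calls[0]; i++) {
        const char *args = find_call(line, calls[i].name);
        if (!args) continue;
        const char *fmt = nth_arg(args, calls[i].fmt_index);
        if (!fmt) return 0;          /* no format argument found: suspicious */
        return *fmt == '"' ? 1 : 0;
    }
    return -1;
}

/* Constructed sample source lines (not taken from GRASS). */
static const char *const sample_lines[] = {
    "    sprintf(buf, \"%s\", name);",        /* literal format: fine */
    "    sprintf(buf, msg);",                  /* non-literal: flagged */
    "    fprintf(stderr, _(\"done\"));",       /* wrapper call, not a literal: flagged */
    "    printf(\"%d items\\n\", n);",         /* literal: fine */
    "    n = strlen(buf);",                    /* no checked call */
};

/* Number of sample lines the checker reports. */
int flagged_sample_count(void)
{
    int flagged = 0;
    for (size_t i = 0; i < sizeof sample_lines / sizeof sample_lines[0]; i++)
        if (check_format_call(sample_lines[i]) == 0)
            flagged++;
    return flagged;
}

int main(void)
{
    char out[64];
    log_message_safe(out, sizeof out, "100% done");
    printf("safe copy: %s\n", out);
    for (size_t i = 0; i < sizeof sample_lines / sizeof sample_lines[0]; i++)
        if (check_format_call(sample_lines[i]) == 0)
            printf("SECURITY: non-literal format:%s\n", sample_lines[i]);
    return 0;
}
```

The third sample line shows why a pass like this reports lines that are harmless in practice, as Maris notes: a translated string returned by a wrapper is fixed text, but it is not a literal at the call site, so neither pscan nor -Wformat-nonliteral can tell it apart from a user-supplied buffer. Rewriting such calls as `fprintf(stderr, "%s", _("done"))` silences the report and removes the dependency on the translation catalogue being free of '%'.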
