Thanks for your explanation.
Could you please file a issue about the format security error?
ttp://code.google.com/p/ibus/issues/
I think it's better to log the problem to clarify what is fixed.
It seems printf(_("a")) is no error but a = _("a"); printf(a) is the error.
I will check all of ibus codes with that GCC option later.
(07/16/13 23:35), Osamu Aoki-san wrote:
Hi,
On Tue, Jul 16, 2013 at 03:37:39PM +0900, Takao Fujiwara wrote:
(07/13/13 21:57), Osamu Aoki-san wrote:
The build path calculation may be refined to accommodate flexible
build with attached patch.
Please refer http://code.google.com/p/ibus/issues/detail?id=1312
The two attached patches for format string should fix compile error
and improve security. (Debian uses -Werror=format-security and these
were needed for compile. Considering how these strings are
generated, risk is practically zero but compiler is noisy and making
them quiet is easy.)
I don't understand which security issue is fixed with your patches.
Quoting the gcc man page:
If -Wformat is specified, also warn about uses of format functions that
represent possible security problems. At present, this warns about calls
to printf and scanf functions where the format string is not a string
literal and there are no format arguments, as in printf (foo);. This may
be a security hole if the format string came from untrusted input and
contains %n.
http://en.wikipedia.org/wiki/Format_string_attack
See also http://wiki.debian.org/Hardening#gcc_-Wformat_-Wformat-security
While not all programs correctly implement the printf hints (like glib's
G_GNUC_PRINTF macro), adding this will at least call out simple printf
format string vulnerabilities. Any programs whose builds become "noisy"
as a result, should be fixed anyway.
In the sense, we probably could implement the printf hints for this case
but it was easier with my patch.
This is a part of recommended build process for Debian packages.
Ubuntu did this and Debian is following. Mandriva seems to be doing
too. So making this not noisy is required by many distros.
I have to admit I did not find this to be required by FEDORA
https://fedoraproject.org/wiki/Security_Features?rd=Security/Features
I think the formats of the g_dbus function and printf are same.
Does your compiler asks not to use printf(format) for example?
Yes with "-Wformat -Werror=format-security" specified.
If the similar patches had been upstreamed, e.g. GNOME, KDE, I'd like
to know the references.
Please google with "error format-security bug" or similar as keywords.
https://mail.gnome.org/archives/commits-list/2012-June/msg07345.html
https://mail.gnome.org/archives/commits-list/2012-April/msg10111.html
https://mail.gnome.org/archives/commits-list/2011-September/msg06819.html
https://bugreports.qt-project.org/browse/QTBUG-22860
https://www.ruby-forum.com/topic/187198
https://ffmpeg.org/trac/ffmpeg/ticket/1030
https://bugs.php.net/bug.php?id=63228
https://issues.apache.org/bugzilla/show_bug.cgi?id=52564
http://ghostscript.com/pipermail/gs-devel/2009-February/008193.html
http://trac.osgeo.org/gdal/ticket/2976
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=649322
https://code.google.com/p/gnome-mplayer/issues/detail?id=613
https://github.com/pld-linux/gnome-commander/blob/master/gnome-commander-format-security.patch
... (many)
It seems your compiler is not GCC.
We use GCC at Debian.
$ gcc --version
gcc (Debian 4.8.1-6) 4.8.1
Copyright (C) 2013 Free Software Foundation, Inc.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
Ubuntu GCC default seems to have been changed to force "-Wformat
-Werror=format-security" but not with Debian. My build script specified
these options.
% gcc -o c c.c -Werror=format-security
cc1: error: -Wformat-security ignored without -Wformat [-Werror=format-security]
cc1: some warnings being treated as errors
Yes. -Werror=format-security makes normal -Wformat warnings into error
as I understand. As error message states, you need -Wformat. Excuse me
not clear enough.
Regards,
Osamu
I think it would be better to file a issue instead of attaching patches in the
mailing list.
http://code.google.com/p/ibus/issues/
OK, noted.
Osamu
--
--
You received this message because you are subscribed to the Google
Groups "ibus-devel" group.
iBus project web page: http://code.google.com/p/ibus/
iBus dev group: http://groups.google.com/group/ibus-devel?hl=en
---
You received this message because you are subscribed to the Google Groups "ibus-devel" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/groups/opt_out.
