Bug#654403: snacc: FTBFS with -Werror=format-security

Tue, 03 Jan 2012 05:21:25 -0800 

Package: snacc
Version: snacc_1.3bbn-11
Severity: normal
Tags: upstream patch
User: debian...@lists.debian.org
Usertags: hardening-format-security

snacc fails to build with -Werror=format-security compiler option.

libtool: compile:  gcc -DHAVE_CONFIG_H -I. -I. -I../.. -I../../c-lib/inc 
-DUSE_GEN_BUF -DTTBL -D_FORTIFY_SOURCE=2 -g -O2 -fstack-protector 
--param=ssp-buffer-size=4 -Wformat -Wformat-security -g -O2 -fstack-protector 
--param=ssp-buffer-size=4 -Wformat -Wformat-security -Werror=format-security 
-Wall -DFLEX_IN_USE -c tbl-dbg.c  -fPIC -DPIC -o .libs/tbl-dbg.o
In file included from ../../c-lib/inc/tbl-gen.h:5:0,
                 from ../../c-lib/inc/tbl-dbg.h:4,
                 from tbl-dbg.c:2:
.../../c-lib/inc/tbl-incl.h:27:0: warning: "TTBL" redefined [enabled by default]
<command-line>:0:0: note: this is the location of the previous definition
tbl-dbg.c: In function 'DBGOcts':
tbl-dbg.c:11:2: warning: implicit declaration of function 'isprint' 
[-Wimplicit-function-declaration]
tbl-dbg.c: In function 'DBGSimple':
tbl-dbg.c:227:9: warning: unused variable 'i' [-Wunused-variable]
tbl-dbg.c:223:14: warning: unused variable 'form' [-Wunused-variable]
tbl-dbg.c: In function 'DBGPrintType':
tbl-dbg.c:309:2: error: format not a string literal and no format arguments 
[-Werror=format-security]
tbl-dbg.c: In function 'DBGType':
tbl-dbg.c:325:5: warning: initialization from incompatible pointer type 
[enabled by default]
tbl-dbg.c:325:5: warning: (near initialization for 'printproc[0]') [enabled by 
default]
tbl-dbg.c:325:5: warning: initialization from incompatible pointer type 
[enabled by default]
tbl-dbg.c:325:5: warning: (near initialization for 'printproc[1]') [enabled by 
default]
tbl-dbg.c:325:5: warning: initialization from incompatible pointer type 
[enabled by default]
tbl-dbg.c:325:5: warning: (near initialization for 'printproc[2]') [enabled by 
default]
tbl-dbg.c:326:5: warning: initialization from incompatible pointer type 
[enabled by default]
tbl-dbg.c:326:5: warning: (near initialization for 'printproc[3]') [enabled by 
default]
tbl-dbg.c:327:13: warning: initialization from incompatible pointer type 
[enabled by default]
tbl-dbg.c:327:13: warning: (near initialization for 'printproc[4]') [enabled by 
default]
tbl-dbg.c:327:13: warning: initialization from incompatible pointer type 
[enabled by default]
tbl-dbg.c:327:13: warning: (near initialization for 'printproc[5]') [enabled by 
default]
tbl-dbg.c:327:13: warning: initialization from incompatible pointer type 
[enabled by default]
tbl-dbg.c:327:13: warning: (near initialization for 'printproc[6]') [enabled by 
default]
tbl-dbg.c:327:13: warning: initialization from incompatible pointer type 
[enabled by default]
tbl-dbg.c:327:13: warning: (near initialization for 'printproc[7]') [enabled by 
default]
cc1: some warnings being treated as errors

Build log in Ubuntu:
https://launchpadlibrarian.net/87253059/buildlog_ubuntu-precise-armhf.snacc_1.3bbn-11ubuntu1_FAILEDTOBUILD.txt.gz

See also:
http://wiki.debian.org/Hardening
http://lists.debian.org/debian-devel-announce/2011/09/msg00001.html

Patch from Ubuntu attached.
https://launchpad.net/ubuntu/+source/snacc/1.3bbn-11ubuntu2

-- System Information:
Debian Release: wheezy/sid
  APT prefers oneiric-updates
  APT policy: (500, 'oneiric-updates'), (500, 'oneiric-security'), (500, 
'oneiric-proposed'), (500, 'oneiric'), (100, 'oneiric-backports')
Architecture: i386 (i686)

Kernel: Linux 3.0.0-15-generic (SMP w/2 CPU cores)
Locale: LANG=ru_RU.UTF-8, LC_CTYPE=ru_RU.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Description: fix FTBFS with -Werror=format-security
Author: Ilya Barygin <randomact...@ubuntu.com>

--- snacc-1.3bbn.orig/c-lib/src/tbl-dbg.c
+++ snacc-1.3bbn/c-lib/src/tbl-dbg.c
@@ -306,7 +306,7 @@
     if (type->typeId == TBL_TYPEREF)
        DBGOcts(&type->content->a.typeRef->typeDefPtr->typeName);
     else
-       fprintf(stdout,TIN[type->typeId]);
+       fprintf(stdout,"%s",TIN[type->typeId]);
     if (type->fieldName.octetLen)
     {
        fprintf(stdout," ");

Reply via email to