On Wed, Oct 09, 2013 at 06:24:54PM +0100, Wookey wrote:
> c++ -c -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat
> -Werror=format-security -Wall -DTHLINUX -O2 -o thpoint.o thpoint.cxx
> thpoint.cxx: In member function ‘virtual bool
> thpoint::export_mp(thexpmapmpxs*)’:
> thpoint.cxx:657:89: error: format not a string literal and no format
> arguments [-Werror=format-security]
>
> The code is:
>
> if (!thisnan(this->xsize)) {
> //if (double(int(this->xsize)) != this->xsize)
> // sprintf(buff,"%.1f",this->xsize);
> //else
> // sprintf(buff,"%.0f",this->xsize);
>
> fprintf(out->file,utf2tex(out->layout->units.format_human_length(this->xsize)));
> }
>
> I don't understand this beyond the issue being that a format string
> really should be supplied, otherwise it's a security risk, and it's not
> being. Can someone supply a fix please?
The problem is that the string being printed could contain %-formatting
codes, and if an attacker can control that string, they can potentially
overwrite memory (via %n). So you want to write the string out as a
literal by giving a format string of "%s":

fprintf(out->file,"%s",utf2tex(out->layout->units.format_human_length(this->xsize)));

Or simpler:

fputs(utf2tex(out->layout->units.format_human_length(this->xsize)),out->file);

I believe GCC actually optimises the former to the latter for you in the
case when the format is a literal string "%s".

Cheers,
    Olly
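The following is an added example, not code from the thread or from the Therion source. It puts the unguarded fprintf beside the two fixes Olly suggests and shows, in a well-defined case, that the unguarded call mangles a string containing '%' while the "%s" and fputs forms emit it verbatim. The input label "100%% of length" is constructed for the demonstration (format_human_length in the real code would not normally produce it), and only "%%" is used as the data-side directive so the run stays defined; a "%n" or "%x" reaching the unguarded call would be undefined behaviour and is deliberately not executed here. The has_conversion() helper is an assumed name, a small check for whether a string would be interpreted by an unguarded printf.

```c
#include <stdio.h>
#include <string.h>

/* Mirrors the thpoint.cxx call: attacker-influenced data used as the format.
 * Only ever called here with "%%" in the data so the demo is well-defined;
 * "%n" in the data would let fprintf write to memory it was never given. */
static void write_unsafe(FILE *out, const char *data) {
    fprintf(out, data);            /* BAD: data is parsed as a format string */
}

/* First fix from the reply: data becomes an argument of a literal format. */
static void write_safe(FILE *out, const char *data) {
    fprintf(out, "%s", data);
}

/* Second fix from the reply: no format parsing at all. */
static void write_safe_fputs(FILE *out, const char *data) {
    fputs(data, out);
}

/* Helper: run a writer against a temp file and copy what it emitted into buf.
 * Returns the number of bytes the writer produced (0 on error / overflow). */
typedef void (*writer_fn)(FILE *, const char *);
static size_t capture(writer_fn w, const char *data, char *buf, size_t cap) {
    FILE *f = tmpfile();
    if (!f) return 0;
    w(f, data);
    fflush(f);
    long len = ftell(f);
    if (len < 0 || (size_t)len >= cap) { fclose(f); return 0; }
    rewind(f);
    size_t n = fread(buf, 1, (size_t)len, f);
    buf[n] = '\0';
    fclose(f);
    return n;
}

/* Returns 1 if data contains a conversion other than "%%", i.e. something an
 * unguarded fprintf(out, data) would try to satisfy from missing arguments. */
static int has_conversion(const char *data) {
    for (const char *p = data; *p; p++) {
        if (*p != '%') continue;
        if (p[1] == '%') { p++; continue; }   /* "%%" is a literal percent */
        return 1;
    }
    return 0;
}

int main(void) {
    /* Constructed sample label containing a literal percent sign. */
    const char *label = "100%% of length";
    char a[64], b[64], c[64];
    capture(write_unsafe, label, a, sizeof a);
    capture(write_safe, label, b, sizeof b);
    capture(write_safe_fputs, label, c, sizeof c);
    printf("unsafe fprintf(out, s):  \"%s\"\n", a);   /* 100% of length  */
    printf("fprintf(out, \"%%s\", s): \"%s\"\n", b);  /* 100%% of length */
    printf("fputs(s, out):           \"%s\"\n", c);   /* 100%% of length */
    printf("would \"12.5%%n\" be interpreted as a format? %d\n",
           has_conversion("12.5%n"));                 /* 1 */
    return 0;
}
```

The unsafe path silently turns "100%%" into "100%"; with a "%n" in the data it would not be silent data corruption but a write through whatever happened to be on the stack, which is exactly what -Werror=format-security is there to stop. Either fix removes the problem because the data is never consulted for directives.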