The fix was pretty simple: just let g_dbus_method_invocation_return_error do the formatting rather than trying to do it ourselves. Format security error fixed, code simplified and unnecessary copy avoided, win-win-win.

Patch is attached. The patch contains a NMU changelog entry but I have no immediate plans to NMU because I have no idea how to test the package.
diff -Nru ibus-1.5.1.is.1.4.2/debian/changelog 
ibus-1.5.1.is.1.4.2/debian/changelog
--- ibus-1.5.1.is.1.4.2/debian/changelog        2013-02-13 12:59:13.000000000 
+0000
+++ ibus-1.5.1.is.1.4.2/debian/changelog        2013-06-05 21:21:04.000000000 
+0000
@@ -1,3 +1,12 @@
+ibus (1.5.1.is.1.4.2-1.1) unstable; urgency=low
+
+  * Non-maintainer upload.
+  * Fix format security error by passing format string and parameter directly
+    to g_dbus_method_invocation_return_error rather than formatting the string
+    ourselves and passing that to the function.
+
+ -- Peter Michael Green <plugw...@debian.org>  Wed, 05 Jun 2013 18:37:49 +0000
+
 ibus (1.5.1.is.1.4.2-1) unstable; urgency=low
 
   * Revert to 1.4.2.
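
Review bot: the new 1.5.1.is.1.4.2-1.1 entry in debian/changelog has no Closes: reference, so an upload built from it would not close the report this fix belongs to. If the patch is tracked in a bug, append (Closes: #NNNNNN) with that bug's number to the "Fix format security error" item.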
diff -Nru ibus-1.5.1.is.1.4.2/debian/patches/fix-format-security-error.patch 
ibus-1.5.1.is.1.4.2/debian/patches/fix-format-security-error.patch
--- ibus-1.5.1.is.1.4.2/debian/patches/fix-format-security-error.patch  
1970-01-01 00:00:00.000000000 +0000
+++ ibus-1.5.1.is.1.4.2/debian/patches/fix-format-security-error.patch  
2013-06-05 21:04:44.000000000 +0000
@@ -0,0 +1,24 @@
+Description: Fix format security error
+ The old code does the formatting itself and then passes the result to a
+ parameter expecting a format string
+ This patch lets the called function do the formatting eliminating the format
+ security error, simplifying the code and avoiding an unnessacery copy.
+Author: Peter Michael Green <plugw...@debian.org>
+
+--- ibus-1.5.1.is.1.4.2.orig/src/ibusfactory.c
++++ ibus-1.5.1.is.1.4.2/src/ibusfactory.c
+@@ -287,12 +287,11 @@ ibus_factory_service_method_call (IBusSe
+             g_free (object_path);
+         }
+         else {
+-            gchar *error_message = g_strdup_printf ("Can not fond engine %s", 
engine_name);
+             g_dbus_method_invocation_return_error (invocation,
+                                                    G_DBUS_ERROR,
+                                                    G_DBUS_ERROR_FAILED,
+-                                                   error_message);
+-            g_free (error_message);
++                                                   "Can not fond engine %s",
++                                                   engine_name);
+         }
+         return;
+     }
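
Review bot: the DEP-3 header of the new fix-format-security-error.patch carries only Description and Author, yet the change is to upstream's src/ibusfactory.c, so a Forwarded field would record whether upstream has been sent the fix. Separately, the added line in the ibusfactory.c hunk keeps the misspelled message "Can not fond engine %s"; since that string is being rewritten anyway, consider correcting "fond" to "find" in the same patch, or note that it was left alone on purpose.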
diff -Nru ibus-1.5.1.is.1.4.2/debian/patches/series 
ibus-1.5.1.is.1.4.2/debian/patches/series
--- ibus-1.5.1.is.1.4.2/debian/patches/series   2013-02-13 12:57:53.000000000 
+0000
+++ ibus-1.5.1.is.1.4.2/debian/patches/series   2013-06-05 21:02:47.000000000 
+0000
@@ -1,2 +1,3 @@
 proper-gtk-plugin-path.patch
 ibus-530711-preload-sys.patch
+fix-format-security-error.patch
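
The difference between the two call patterns in the ibusfactory.c hunk, as an added example that is not part of the original message or of ibus. `return_error` is a hypothetical stand-in for a printf-style function such as g_dbus_method_invocation_return_error, and the engine name is constructed input that uses only `%%` so the old path stays well-defined.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for a printf-style API: the last named parameter is
 * a format string. The result goes to out instead of a D-Bus reply. */
static void return_error(char *out, size_t outlen, const char *format, ...)
{
    va_list ap;
    va_start(ap, format);
    vsnprintf(out, outlen, format, ap);
    va_end(ap);
}

/* Old pattern: format once, then pass the finished text as the format.
 * This is the shape -Wformat-security reports for printf-like callees. */
static void report_old(char *out, size_t outlen, const char *engine_name)
{
    char message[128];
    snprintf(message, sizeof message, "Can not fond engine %s", engine_name);
    return_error(out, outlen, message);   /* message is parsed a second time */
}

/* Patched pattern: constant format, engine_name travels as data only. */
static void report_new(char *out, size_t outlen, const char *engine_name)
{
    return_error(out, outlen, "Can not fond engine %s", engine_name);
}

/* Returns 1 when the reply contains engine_name byte for byte. */
static int name_preserved(const char *reply, const char *engine_name)
{
    return strstr(reply, engine_name) != NULL;
}

int main(void)
{
    const char *engine_name = "pinyin%%test";   /* constructed sample name */
    char old_reply[128], new_reply[128];

    report_old(old_reply, sizeof old_reply, engine_name);
    report_new(new_reply, sizeof new_reply, engine_name);
    printf("old: %s\nnew: %s\n", old_reply, new_reply);

    /* Exit status 0 when only the patched pattern keeps the name intact. */
    return !(name_preserved(new_reply, engine_name) &&
             !name_preserved(old_reply, engine_name));
}
```

With the old pattern the `%%` in the name collapses to a single `%`, which shows the name being interpreted as format directives; with the patched pattern it comes back unchanged.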
