On 10/24/21 4:36 AM, Rogier Wolff wrote:
>
> I think this is perfectly legal C code and your compiler doesn't like
> it. It doesn't just warn, but gives an error.
>
> Roger.
Rogier, that is a 100% true statement, but Debian (and most other
distributions) have started using the -Werror=format-security build flag for
everything everywhere because leaving all of these calls as-is means, in
certain cases, leaving vulnerabilities in. Sure, you can prove that mtr's
code introduces no such vulnerabilities because none of the format specs are
user-supplied, but it's probably not reasonable to expect that that would be
a one-time effort, whereas changing the code would be.
