On Sat, 2009-11-07 at 17:47 +0000, Ineiev wrote: > > hid/gtk/gui-dialog.c:172: warning: format not a string literal and no > > format arguments > > Should be like it is: the function semantics differ from the printf() ones.
The correct fix for any bug sprewing this message is usually to pass the format string as "%s", then the message as a format argument. This aviods the possibility of exploits from a user-derived message string getting into the printf type routine: In this case, CHANGE: dialog = gtk_message_dialog_new (GTK_WINDOW (out->top_window), GTK_DIALOG_MODAL | GTK_DIALOG_DESTROY_WITH_PARENT, GTK_MESSAGE_QUESTION, GTK_BUTTONS_NONE, message); TO: dialog = gtk_message_dialog_new (GTK_WINDOW (out->top_window), GTK_DIALOG_MODAL | GTK_DIALOG_DESTROY_WITH_PARENT, GTK_MESSAGE_QUESTION, GTK_BUTTONS_NONE, "%s", message); > > flags.c:226: warning: cast from pointer to integer of different size > > OffsetOf() shall not overflow even 16 bits when MAX_LAYERS < 2048. We could probably cast the warning away. Our "OffsetOf" macro should use a large enough integer type to match the pointer on the system, and by in specific cases, we might choose to cast that into a smaller integer type. > > parse_l.l:198: warning: ignoring return value of ‘fwrite’, declared with > > attribute warn_unused_result > > parse_l.c:1508: warning: ‘input’ defined but not used > > res_lex.l:64: warning: ignoring return value of ‘fwrite’, declared with > > attribute warn_unused_result > > res_lex.c:1139: warning: ‘input’ defined but not used > > Parser generator artifacts IMVHO. Looks like. You might be able to kludge around the "input" one, possibly by taking the address of that function into some void* pointer in the source .l file, then casting it away, but it is probably not worth it. I don't get the "fwrite" one, as presumably later flex has fixed the generated code for that case. > > /usr/include/bits/string3.h:153: warning: call to __builtin___strncat_chk > > might overflow destination buffer > > /usr/include/bits/string3.h:153: warning: call to __builtin___strncat_chk > > might overflow destination buffer > > No idea. This definition looks like the required call: extern __inline __attribute__ ((__always_inline__)) __attribute__ ((__gnu_inline__, __artificial__)) char * __attribute__ ((__nothrow__)) strncat (char *__restrict __dest, __const char *__restrict __src, size_t __len) { return __builtin___strncat_chk (__dest, __src, __len, __builtin_object_size (__dest, 2 > 1)); } That file calls "strncat" in several places, on a string "accel" which is 64 char long. Each call is passed "sizeof (accel)" as its "n" argument, so it shouldn't overflow as far as I can see. AHHA... >From man 3 strncat: If src contains n or more characters, strncat() writes n+1 characters to dest (n from src plus the terminating null byte). Therefore, the size of dest must be at least strlen(dest)+n+1. So we need to pass "sizeof (accel) - 1". > > hid/common/actions.c:214: warning: ignoring return value of ‘fwrite’, > > declared with attribute warn_unused_result > > hid/common/actions.c:215: warning: ignoring return value of ‘fwrite’, > > declared with attribute warn_unused_result > > If an error occurs while writing into stderr, probably the most useful > reaction is to ignore it. True.. I'm not sure if we can cast it away or not. I remember reading some notes about GCC not liking you to cast such warnings away. if (fwrite...) { /* NOP */ } Or some portable, non-compiler whining alternative? Thanks for looking into all of these Ineiev. (BTW, Please bug me if you have any outstanding patches I promised to review / apply. I recall layer colours.. ) Best wishes, Peter C. _______________________________________________ geda-user mailing list geda-user@moria.seul.org http://www.seul.org/cgi-bin/mailman/listinfo/geda-user