Bug#643366: concalc: FTBFS: concalc.cpp:442:22: error: format not a string literal and no format arguments [-Werror=format-security]

[Eric Alexander]

tags 643366 +patch
thanks
Index: concalc-0.9.2/src/concalc.cpp
===
--- concalc-0.9.2.orig/src/concalc.cpp	2011-11-11 11:39:05.593640191 -0500
+++ concalc-0.9.2/src/concalc.cpp	2011-11-11 11:39:15.141640488 -0500
@@ -439,7 +439,7 @@
 break;
 			case NCHAR:
 			{
-printf(value.cval);
+printf(%s, value.cval);
 break;
 			}
 			default:
@@ -678,7 +678,7 @@
 initDebugging(subFileContent,scriptData);
 cleanSubFileContent=preprocessor(subFileContent,pref,true);
 fprintf(stderr,\nProcessing file );
-fprintf(stderr,scriptData-subprogramPath[c]);
+fprintf(stderr,%s, scriptData-subprogramPath[c]);
 fprintf(stderr,\n);
 if(cleanSubFileContent==NULL)
 {
Index: concalc-0.9.2/src/global.cpp
===
--- concalc-0.9.2.orig/src/global.cpp	2008-08-11 11:16:49.0 -0400
+++ concalc-0.9.2/src/global.cpp	2011-11-11 11:41:02.813643851 -0500
@@ -6553,6 +6553,6 @@
 	}
 	
 	
-	fprintf(stderr,string);
+	fprintf(stderr,%s,string);
 	fprintf(stderr,\n);
 }

Bug#643366: concalc: FTBFS: concalc.cpp:442:22: error: format not a string literal and no format arguments [-Werror=format-security]

[Didier Raboud]

Source: concalc
Version: 0.9.2-1
Severity: serious
Tags: wheezy sid
User: debian...@lists.debian.org
Usertags: qa-ftbfs-20110923 qa-ftbfs hardening-format-security hardening
Justification: FTBFS on amd64

Hi,

During a rebuild of all packages in sid, your package failed to build on
amd64.

Relevant part:
 g++ -DHAVE_CONFIG_H -I. -I.. -g -O2 -fstack-protector 
 --param=ssp-buffer-size=4 -D_FORTIFY_SOURCE=2 -Wformat -Wformat-security 
 -Werror=format-security -Wall -c -o concalc.o concalc.cpp
 concalc.cpp: In function 'int main(int, char**)':
 concalc.cpp:442:22: error: format not a string literal and no format 
 arguments [-Werror=format-security]
 concalc.cpp:506:20: warning: deprecated conversion from string constant to 
 'char*' [-Wwrite-strings]
 concalc.cpp: In function 'void searchScripts(char*, Preferences*, Variable*, 
 ThreadSync*)':
 concalc.cpp:609:35: warning: deprecated conversion from string constant to 
 'char*' [-Wwrite-strings]
 concalc.cpp: In function 'void loadSubScripts(ThreadSync*, Preferences*, 
 Variable*, Script*)':
 concalc.cpp:681:49: error: format not a string literal and no format 
 arguments [-Werror=format-security]
 concalc.cpp:675:53: warning: ignoring return value of 'size_t fread(void*, 
 size_t, size_t, FILE*)', declared with attribute warn_unused_result 
 [-Wunused-result]
 concalc.cpp: In function 'void searchScripts(char*, Preferences*, Variable*, 
 ThreadSync*)':
 concalc.cpp:639:55: warning: ignoring return value of 'size_t fread(void*, 
 size_t, size_t, FILE*)', declared with attribute warn_unused_result 
 [-Wunused-result]
 concalc.cpp: In function 'int main(int, char**)':
 concalc.cpp:109:53: warning: ignoring return value of 'size_t fread(void*, 
 size_t, size_t, FILE*)', declared with attribute warn_unused_result 
 [-Wunused-result]
 concalc.cpp:303:24: warning: ignoring return value of 'int scanf(const char*, 
 ...)', declared with attribute warn_unused_result [-Wunused-result]
 concalc.cpp:529:23: warning: ignoring return value of 'int chdir(const 
 char*)', declared with attribute warn_unused_result [-Wunused-result]
 cc1plus: some warnings being treated as errors
 
 make[3]: *** [concalc.o] Error 1

The full build log is available from:
   
http://people.debian.org/~lucas/logs/2011/09/23/concalc_0.9.2-1_lsid64.buildlog

This happened because since dpkg 1.16.0 [0], hardening flags are enabled 
under various conditions.

[0] http://lists.debian.org/debian-devel-announce/2011/09/msg1.html

A list of current common problems and possible solutions is available at 
http://wiki.debian.org/qa.debian.org/FTBFS . You're welcome to contribute!

About the archive rebuild: The rebuild was done on about 50 AMD64 nodes
of the Grid'5000 platform, using a clean chroot.  Internet was not
accessible from the build systems.



-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org