Bug#643419: FTBFS: cr-statement.c:2614:17: error: format not a string literal and no format arguments [-Werror=format-security]
Steve Langasek
steve.langasek at canonical.com
Thu Oct 20 21:48:29 UTC 2011
Package: libcroco
Version: 0.6.2-1
Followup-For: Bug #643419
User: ubuntu-devel at lists.ubuntu.com
Usertags: origin-ubuntu precise ubuntu-patch
Hi there,
Please find attached a patch for this issue. It is being included in the
Ubuntu build of libcroco with the following changelog entry:
* src/cr-statement.c, tests/test{2,3}-main.c: fix passing of variables to
printf() when we should have a format string, to be safe. The tests/
problems are false positives because we control the input, and no
existing reverse dependencies call cr_statement_dump*, but better safe
than sorry. Closes: #643419.
Thanks for considering the patch.
--
Steve Langasek Give me a lever long enough and a Free OS
Debian Developer to set it on, and I can move the world.
Ubuntu Developer http://www.debian.org/
slangasek at ubuntu.com vorlon at debian.org
-------------- next part --------------
=== modified file 'src/cr-statement.c'
--- src/cr-statement.c 2009-11-04 10:22:19 +0000
+++ src/cr-statement.c 2011-10-20 21:35:05 +0000
@@ -2611,7 +2611,7 @@
g_return_if_fail (a_fp && a_this);
str = cr_statement_ruleset_to_string (a_this, a_indent);
if (str) {
- fprintf (a_fp, str);
+ fprintf (a_fp, "%s", str);
g_free (str);
str = NULL;
}
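Review bot: The replacement `fprintf (a_fp, "%s", str);` still routes a string that is meant to be written verbatim through format parsing; `fputs (str, a_fp);` does the same job with no format argument to get wrong, and this applies equally to the hunks at 2662, 2689, 2715 and 2741 in this file. Whichever form is kept, a one-line comment such as `/* str is serialized stylesheet text and may contain '%'; never pass it as the format */` would stop a later cleanup from folding the call back. That str carries stylesheet content is inferred from the `*_to_string` call names, so confirm it before adding the comment. The -Wformat-security error behind this patch only fires for a non-literal format with no arguments, so a build with `-Wformat-nonliteral` over the rest of the library would show whether other calls still construct their format at run time. The enclosing function starts and ends outside the hunk.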
@@ -2662,7 +2662,7 @@
str = cr_statement_charset_to_string (a_this,
a_indent) ;
if (str) {
- fprintf (a_fp, str) ;
+ fprintf (a_fp, "%s", str) ;
g_free (str) ;
str = NULL ;
}
@@ -2689,7 +2689,7 @@
str = cr_statement_at_page_rule_to_string (a_this, a_indent) ;
if (str) {
- fprintf (a_fp, str);
+ fprintf (a_fp, "%s", str);
g_free (str) ;
str = NULL ;
}
@@ -2715,7 +2715,7 @@
str = cr_statement_media_rule_to_string (a_this, a_indent) ;
if (str) {
- fprintf (a_fp, str) ;
+ fprintf (a_fp, "%s", str) ;
g_free (str) ;
str = NULL ;
}
@@ -2741,7 +2741,7 @@
str = cr_statement_import_rule_to_string (a_this, a_indent) ;
if (str) {
- fprintf (a_fp, str) ;
+ fprintf (a_fp, "%s", str) ;
g_free (str) ;
str = NULL ;
}
=== modified file 'tests/test2-main.c'
--- tests/test2-main.c 2004-07-29 23:30:57 +0000
+++ tests/test2-main.c 2011-10-20 21:37:25 +0000
@@ -130,7 +130,7 @@
((CRString *) cur->data)->stryng->len);
if (str) {
- fprintf (stdout, str);
+ fprintf (stdout, "%s", str);
fprintf (stdout, "\n");
g_free (str);
str = NULL;
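Review bot: The value and its newline are still written by two separate calls, `fprintf (stdout, "%s", str);` followed by `fprintf (stdout, "\n");`; a single `fprintf (stdout, "%s\n", str);` keeps the literal format and is shorter. The same pair appears in the next hunk of this file (145) and in the hunks at 123 and 136 of tests/test3-main.c. The enclosing block is cut at both ends of the hunk.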
@@ -145,7 +145,7 @@
guchar *str = cr_string_dup2
(a_uri_default_ns) ;
if (str) {
- fprintf (stdout, str);
+ fprintf (stdout, "%s", str);
fprintf (stdout, "\n");
g_free (str);
str = NULL;
@@ -270,7 +270,7 @@
a_name->stryng->len);
if (name) {
- fprintf (stdout, name);
+ fprintf (stdout, "%s", name);
}
if (a_expr) {
fprintf (stdout, ": ");
=== modified file 'tests/test3-main.c'
--- tests/test3-main.c 2004-07-29 23:30:57 +0000
+++ tests/test3-main.c 2011-10-20 21:41:00 +0000
@@ -123,7 +123,7 @@
guchar *str =
cr_string_dup2 ((CRString *) cur->data);
if (str) {
- fprintf (stdout, str);
+ fprintf (stdout, "%s", str);
fprintf (stdout, "\n");
g_free (str);
str = NULL;
@@ -136,7 +136,7 @@
if (a_uri_default_ns) {
guchar *str = cr_string_dup2 (a_uri_default_ns) ;
if (str) {
- fprintf (stdout, str);
+ fprintf (stdout, "%s", str);
fprintf (stdout, "\n");
g_free (str);
str = NULL;
@@ -255,7 +255,7 @@
if (a_name) {
guchar *name = cr_string_dup2 (a_name);
if (name) {
- fprintf (stdout, name);
+ fprintf (stdout, "%s", name);
}
if (a_expr) {
fprintf (stdout, ": ");