Bug 16431

Summary: Fails to build with -Wformat-security
Product: PackageKit Reporter: Martin Pitt <martin.pitt>
Component: coreAssignee: Martin Pitt <martin.pitt>
Status: RESOLVED FIXED QA Contact:
Severity: normal    
Priority: medium    
Version: unspecified   
Hardware: Other   
OS: All   
Whiteboard:
i915 platform: i915 features:
Attachments: Fix build with -Wformat-security

Description Martin Pitt 2008-06-19 09:40:24 UTC 
Created attachment 17231 [details] [review]
Fix build with -Wformat-security

PK uses -Werror (good thing!), and Ubuntu builds with -Wformat-security by default. This causes 0.2.2 to fail to build:

gcc -DHAVE_CONFIG_H -I. -I.. -I/usr/include/glib-2.0 -I/usr/lib/glib-2.0/include   -I/usr/include/glib-2.0 -I/usr/lib/glib-2.0/include   -pthread -I/usr/include/dbus-1.0 -I/usr/lib/dbus-1.0/include -I/usr/include/glib-2.0 -I/usr/lib/glib-2.0/include    -I/usr/include/PolicyKit -I/usr/include/dbus-1.0 -I/usr/lib/dbus-1.0/include -I/usr/include/glib-2.0 -I/usr/lib/glib-2.0/include    -DBINDIR=\"/usr/local/bin\" -DSBINDIR=\"/usr/local/sbin\" -DDATADIR=\"/usr/local/share\" -DPREFIX=\""/usr/local"\" -DSYSCONFDIR=\""/usr/local/etc"\" -DLIBDIR=\""/usr/local/lib"\" -DVERSION="\"0.2.2\"" -DPK_DATA=\"/usr/local/share/PackageKit\" -DLOCALSTATEDIR=\""/usr/local/var"\" -DPK_DB_DIR=\""/usr/local/var/lib/PackageKit"\" -I../libpackagekit -I../libselftest -I../libgbus   -Werror -Wcast-align -Wno-uninitialized -Wall  -g -O2 -MT pk-main.o -MD -MP -MF .deps/pk-main.Tpo -c -o pk-main.o pk-main.c
cc1: warnings being treated as errors
pk-main.c: In function ‘pk_object_register’:
pk-main.c:88: error: format not a string literal and no format arguments

In that case, the passed string is not really a variable one which can be influenced from outside. Well, a broken translation with wrong format strings could break it, of course. Thus, just to let gcc have its peace, I'll applied attached patch which robustifies it.

Thanks for considering!

Martin
Comment 1 Richard Hughes 2008-06-19 11:30:05 UTC 
Yup, looks good, thanks. Can I give you commit? If that's okay please email me your chosen username and attach your public rsa ssh key and I'll add you to the server. Cheers dude!

Richard,
Comment 2 Martin Pitt 2008-06-19 23:06:44 UTC 
I already have an account for the standard fd.o git tree:

martin@annarchy:~$ groups
freedesktop hal

(I'm committer for hal/hal-info)

Do you want me to commit such trivial bugfixes, and fixes to the apt backend directly to trunk, or shall I just put my own branch for bug fixes somewhere, too and ask you for merging in bug reports?

If you keep branches somewhere else than on fd.o, my desktop and laptop SSH keys are "martin@donald" and "martin@tick" on https://launchpad.net/~pitti/+sshkeys (I don't need the other two). Username "pitti", or "martin", or "martin.pitt" or something will do, I don't care much. Thanks!
Comment 3 Richard Hughes 2008-06-23 03:26:53 UTC 
I've added you to our private server, and sent you a mail with more instructions. Your username is pitti. Please commit directly on the master branch. Thanks! Yell if there are any problems.
Comment 4 Martin Pitt 2008-06-24 02:05:52 UTC 
commit 3d88ab0c54bc7264848bc9fb3a47a208feeeaa78
Author: Martin Pitt <martin.pitt@ubuntu.com>
Date:   Tue Jun 24 11:02:49 2008 +0200

    Fix building with -Wformat-security. -- fd#16431

Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.