Bug 16431 - Fails to build with -Wformat-security
Summary: Fails to build with -Wformat-security
Alias: None
Product: PackageKit
Classification: Unclassified
Component: core (show other bugs)
Version: unspecified
Hardware: Other All
: medium normal
Assignee: Martin Pitt
QA Contact:
Depends on:
Reported: 2008-06-19 09:40 UTC by Martin Pitt
Modified: 2008-06-24 02:05 UTC (History)
0 users

See Also:
i915 platform:
i915 features:

Fix build with -Wformat-security (689 bytes, patch)
2008-06-19 09:40 UTC, Martin Pitt
Details | Splinter Review

Description Martin Pitt 2008-06-19 09:40:24 UTC
Created attachment 17231 [details] [review]
Fix build with -Wformat-security

PK uses -Werror (good thing!), and Ubuntu builds with -Wformat-security by default. This causes 0.2.2 to fail to build:

gcc -DHAVE_CONFIG_H -I. -I.. -I/usr/include/glib-2.0 -I/usr/lib/glib-2.0/include   -I/usr/include/glib-2.0 -I/usr/lib/glib-2.0/include   -pthread -I/usr/include/dbus-1.0 -I/usr/lib/dbus-1.0/include -I/usr/include/glib-2.0 -I/usr/lib/glib-2.0/include    -I/usr/include/PolicyKit -I/usr/include/dbus-1.0 -I/usr/lib/dbus-1.0/include -I/usr/include/glib-2.0 -I/usr/lib/glib-2.0/include    -DBINDIR=\"/usr/local/bin\" -DSBINDIR=\"/usr/local/sbin\" -DDATADIR=\"/usr/local/share\" -DPREFIX=\""/usr/local"\" -DSYSCONFDIR=\""/usr/local/etc"\" -DLIBDIR=\""/usr/local/lib"\" -DVERSION="\"0.2.2\"" -DPK_DATA=\"/usr/local/share/PackageKit\" -DLOCALSTATEDIR=\""/usr/local/var"\" -DPK_DB_DIR=\""/usr/local/var/lib/PackageKit"\" -I../libpackagekit -I../libselftest -I../libgbus   -Werror -Wcast-align -Wno-uninitialized -Wall  -g -O2 -MT pk-main.o -MD -MP -MF .deps/pk-main.Tpo -c -o pk-main.o pk-main.c
cc1: warnings being treated as errors
pk-main.c: In function ‘pk_object_register’:
pk-main.c:88: error: format not a string literal and no format arguments

In that case, the passed string is not really a variable one which can be influenced from outside. Well, a broken translation with wrong format strings could break it, of course. Thus, just to let gcc have its peace, I'll applied attached patch which robustifies it.

Thanks for considering!

Comment 1 Richard Hughes 2008-06-19 11:30:05 UTC
Yup, looks good, thanks. Can I give you commit? If that's okay please email me your chosen username and attach your public rsa ssh key and I'll add you to the server. Cheers dude!

Comment 2 Martin Pitt 2008-06-19 23:06:44 UTC
I already have an account for the standard fd.o git tree:

martin@annarchy:~$ groups
freedesktop hal

(I'm committer for hal/hal-info)

Do you want me to commit such trivial bugfixes, and fixes to the apt backend directly to trunk, or shall I just put my own branch for bug fixes somewhere, too and ask you for merging in bug reports?

If you keep branches somewhere else than on fd.o, my desktop and laptop SSH keys are "martin@donald" and "martin@tick" on https://launchpad.net/~pitti/+sshkeys (I don't need the other two). Username "pitti", or "martin", or "martin.pitt" or something will do, I don't care much. Thanks!
Comment 3 Richard Hughes 2008-06-23 03:26:53 UTC
I've added you to our private server, and sent you a mail with more instructions. Your username is pitti. Please commit directly on the master branch. Thanks! Yell if there are any problems.
Comment 4 Martin Pitt 2008-06-24 02:05:52 UTC
commit 3d88ab0c54bc7264848bc9fb3a47a208feeeaa78
Author: Martin Pitt <martin.pitt@ubuntu.com>
Date:   Tue Jun 24 11:02:49 2008 +0200

    Fix building with -Wformat-security. -- fd#16431

Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.