[patch #8546] 0.8.4 debian package build stopped because of render-test.

pspp-dev

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[patch #8546] 0.8.4 debian package build stopped because of render-test.

From:	Friedrich Beckmann
Subject:	[patch #8546] 0.8.4 debian package build stopped because of render-test.c security warning
Date:	Sun, 28 Sep 2014 21:00:01 +0000
User-agent:	Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_5) AppleWebKit/600.1.17 (KHTML, like Gecko) Version/7.1 Safari/537.85.10

URL:
  <http://savannah.gnu.org/patch/?8546>

                 Summary: 0.8.4 debian package build stopped because of
render-test.c security warning
                 Project: PSPP
            Submitted by: beckmanf
            Submitted on: So 28 Sep 2014 20:59:59 GMT
                Category: None
              Item Group: None
                  Status: None
             Assigned to: None
        Originator Email: 
             Open/Closed: Open
         Discussion Lock: Any

    _______________________________________________________

Details:

The debian build stops because of compilation security error for render-test.c
during the build process. The following message is shown:

=============== ERROR LOG ==========
gcc -std=gnu99 -DHAVE_CONFIG_H -I.  -I./gl -I./gl -DINSTALLDIR=\"/usr/bin\"
-I./src -I./lib -I./src/language/stats -I./src/lang
uage/expressions -I./src/language/expressions -Isrc -D_FORTIFY_SOURCE=2
-pthread -I/usr/include/cairo -I/usr/include/glib-2.0
-I/usr/lib/x86_64-linux-gnu/glib-2.0/include -I/usr/include/pixman-1
-I/usr/include/freetype2 -I/usr/include/libpng12 -I/usr/include/pango-1.0  
-Wall -W -Wwrite-strings -Wstrict-prototypes -Wpointer-arith -Wno-sign-compare
-Wmissing-prototypes -g -O2 -fstack-protector --param=ssp-buffer-size=4
-Wformat -Werror=format-security -Wdeclaration-after-statement -c -o
tests/output/render-test.o tests/output/render-test.c
tests/output/render-test.c: In function ‘read_table’:
tests/output/render-test.c:491:19: error: format not a string literal and no
format arguments [-Werror=format-security]
cc1: some warnings being treated as errors
make[5]: *** [tests/output/render-test.o] Fehler 1
=============== ERROR LOG ================

The warning is given, because the function tab_footnote results in printf. But
in the test scenario the format string is not a literal and no additional
arguments are given.

The attached patch avoids the security warning during compilation.  



    _______________________________________________________

File Attachments:


-------------------------------------------------------
Date: So 28 Sep 2014 20:59:59 GMT  Name: render-test.patch  Size: 537B   By:
beckmanf
patch for tests/output/render-test.c
<http://savannah.gnu.org/patch/download.php?file_id=32194>

    _______________________________________________________

Reply to this item at:

  <http://savannah.gnu.org/patch/?8546>

_______________________________________________
  Nachricht gesendet von/durch Savannah
  http://savannah.gnu.org/

[Prev in Thread]

Current Thread

[Next in Thread]

[patch #8546] 0.8.4 debian package build stopped because of render-test.c security warning, Friedrich Beckmann <=
- [patch #8546] 0.8.4 debian package build stopped because of render-test.c security warning, Ben Pfaff, 2014/09/28

Prev by Date: New Ukrainian PO file for 'pspp' (version 0.8.4)
Next by Date: [patch #8546] 0.8.4 debian package build stopped because of render-test.c security warning
Previous by thread: New Ukrainian PO file for 'pspp' (version 0.8.4)
Next by thread: [patch #8546] 0.8.4 debian package build stopped because of render-test.c security warning
Index(es):
- Date
- Thread