Hi,
I'm trying to build a package for resubmission. However, it fails with messages like this:
In file included from ./include/UpTools/UpLog.h:77,
                 from UpLog.cc:46:
UpLog.cc: In function 'void upOpenLogFileInternal(const char*, int, const char*, int, int (*)(char*))':
./include/UpTools/UpLog.inl:63:30: error: format not a string literal and no format arguments [-Werror=format-security]
63 | syslog(level, __VA_ARGS__ ); \
| ^
End of message
The line in the code is:
n += snprintf(logbuf+n,MAXLOGLINE-1-n, __VA_ARGS__ ); \
And also this warning:
UpLog.cc: In function 'void upOpenLogInternal(const char*, int, int, int)':
./include/UpTools/UpLog.inl:69:11: warning: ignoring return value of 'ssize_t write(int, const void*, size_t)' declared with attribute 'warn_unused_result' [-Wunused-result]
69 | ::write(upLogFd,logbuf,n); \
| ~~~~~~~^~~~~~~~~~~~~~~~~~
./include/UpTools/UpLog.h:115:26: note: in expansion of macro '_UPLOG_'
115 | #define UPLOG(level,...) _UPLOG_(level, __VA_ARGS__ )
./include/UpTools/UpLog.inl:69:11: warning: ignoring return value of 'ssize_t write(int, const void*, size_t)' declared with attribute 'warn_unused_result' [-Wunused-result]
69 | ::write(upLogFd,logbuf,n); \
| ~~~~~~~^~~~~~~~~~~~~~~~~~
./include/UpTools/UpLog.h:115:26: note: in expansion of macro '_UPLOG_'
115 | #define UPLOG(level,...) _UPLOG_(level, __VA_ARGS__ )
End of message
The line in the code is:
if(upLogPerror) ::write(2,logbuf,n); \
Regarding the "format not a string literal and no format arguments [-Werror=format-security]" message:
AFAIK, instructions of the kind printf(format,var1,var2,...) will always fail, since it can't be verified at compile time that the format includes the number of variables that appear later.
If the developer does not use formats entered by the user, the exploit disappears, doesn't it?
So the question is: in this case, can I override the Fedora compiler flags?
Thanks in advance!
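An added example, not part of the original message and not UpTools code: the diagnostic quoted above fires when a printf-style call receives a non-literal format and no further arguments, and passing the text as the argument of a literal "%s" keeps the build flags intact. The helper names, the MAXLOGLINE value and the sample string are assumptions made for illustration.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

#define MAXLOGLINE ((size_t)256) /* assumed size; the message does not give the real one */

/* Hypothetical helper: append formatted text at offset n, return the new length.
 * The format attribute makes GCC/Clang check every caller's format string. */
__attribute__((format(printf, 3, 4)))
static size_t log_append(char *logbuf, size_t n, const char *fmt, ...)
{
    if (n >= MAXLOGLINE - 1)
        return n;                        /* buffer already full */
    va_list ap;
    va_start(ap, fmt);
    int w = vsnprintf(logbuf + n, MAXLOGLINE - n, fmt, ap);
    va_end(ap);
    if (w < 0)
        return n;                        /* encoding error: nothing appended */
    size_t room = MAXLOGLINE - 1 - n;    /* vsnprintf reports the untruncated length */
    return n + ((size_t)w > room ? room : (size_t)w);
}

/* Log a message that was built elsewhere. The text is data, so it is passed
 * as the argument of a literal "%s" and is never interpreted as a format. */
static size_t log_message(char *logbuf, size_t n, const char *msg)
{
    /* log_append(logbuf, n, msg);   <- the call shape -Wformat-security rejects */
    return log_append(logbuf, n, "%s", msg);
}

/* Constructed sample: text containing conversion specifiers. */
static const char *sample_text = "user=%x%x%n";

int main(void)
{
    char logbuf[MAXLOGLINE];
    size_t n = log_append(logbuf, 0, "pid=%d ", 1234);  /* literal format: accepted */
    n = log_message(logbuf, n, sample_text);            /* specifiers copied verbatim */
    printf("%zu/%zu: %s\n", n, strlen(logbuf), logbuf);
    return 0;
}
```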