Ticket #3473 (closed defect: fixed)
[patch] fix most -Wformat-nonliteral warnings
| Reported by: | and | Owned by: | |
|---|---|---|---|
| Priority: | major | Milestone: | 4.8.15 |
| Component: | mc-core | Version: | master |
| Keywords: | Cc: | ||
| Blocked By: | Blocking: | ||
| Branch state: | no branch | Votes for changeset: |
Description
fix most -Wformat-nonliteral warnings
https://fedoraproject.org/wiki/Format-Security-FAQ
not all warnings are fixable(?) and I don't want insert #pragma GCC diagnostic warning
please cross check real catch at lib/widget/gauge.c
Signed-off-by: Andreas Mohr <and@…>
regex.c:1011:56: error: format string is not a string literal [-Wformat-nonliteral]
tty-ncurses.c:641:37: error: format string is not a string literal [-Wformat-nonliteral]
direntry.c:709:28: error: format string is not a string literal [-Wformat-nonliteral]
direntry.c:713:28: error: format string is not a string literal [-Wformat-nonliteral]
interface.c:870:30: error: format string is not a string literal [-Wformat-nonliteral]
strutil.c:267:38: error: format string is not a string literal [-Wformat-nonliteral]
gauge.c:118:67: error: data argument not used by format string [-Wformat-extra-args]
label.c:200:37: error: format string is not a string literal [-Wformat-nonliteral]
util.c:1453:57: error: format string is not a string literal [-Wformat-nonliteral]
util.c:1427:57: error: format string is not a string literal [-Wformat-nonliteral]
serialize.c:65:37: error: format string is not a string literal [-Wformat-nonliteral]
hotlist.c:1571:34: error: format string is not a string literal [-Wformat-nonliteral]
info.c:255:31: error: format string is not a string literal [-Werror,-Wformat-nonliteral]
cons.saver.c:213:52: warning: format string is not a string literal [-Wformat-nonliteral]
cons.saver.c:220:46: warning: format string is not a string literal [-Wformat-nonliteral]
fish.c:248:29: warning: format string is not a string literal [-Wformat-nonliteral]
fish.c:387:40: error: format string is not a string literal (potentially insecure) [-Wformat-security]
file.c:711:33: warning: format string is not a string literal [-Wformat-nonliteral]
Attachments
Change History
comment:1 follow-up: ↓ 2 Changed 9 years ago by and
bump
any comments? Nak? wait for 4.8.16?
At least have a look at lib/widget/gauge.c
comment:2 in reply to: ↑ 1 Changed 9 years ago by andrew_b
Replying to and:
At least have a look at lib/widget/gauge.c
Ok, did you test your patch yourself? The mc's behavior after this patch is very strange.
The correct patch is following:
diff --git a/lib/widget/gauge.c b/lib/widget/gauge.c
index 1909583..2253d6f 100644
--- a/lib/widget/gauge.c
+++ b/lib/widget/gauge.c
@@ -115,7 +115,7 @@ gauge_callback (Widget * w, Widget * sender, widget_msg_t msg, int parm, void *d
tty_setcolor (GAUGE_COLOR);
tty_printf ("%*s", columns, "");
tty_setcolor (h->color[DLG_COLOR_NORMAL]);
- tty_printf ("] %3d%%", 100 * columns / gauge_len, percentage);
+ tty_printf ("] %3d%%", percentage);
}
}
return MSG_HANDLED;
comment:3 Changed 9 years ago by and
Thanks for incorporate most cleanup code regarding non-literal warning.
In future I will split into smaller patch pieces for better regression test.
Should I "pollute" this ticket for non-literal warnings fixups or should all cleanup code requests going to cleanup ticket #3547 ?
comment:4 Changed 9 years ago by andrew_b
Most part of patch was applied. Remain parts look like following:
const char *error;
error = _("%s is not a directory\n");
fprintf (stderr, error, buffer);
In all cases this code is valid because we don't process untrusted strings. Therefore I want keep that as is.
