Ticket #3473 (closed defect: fixed)

Opened 10 years ago

Last modified 9 years ago

[patch] fix most -Wformat-nonliteral warnings

Reported by: and Owned by:
Priority: major Milestone: 4.8.15
Component: mc-core Version: master
Keywords: Cc:
Blocked By: Blocking:
Branch state: no branch Votes for changeset:

Description

fix most -Wformat-nonliteral warnings

https://fedoraproject.org/wiki/Format-Security-FAQ

not all warnings are fixable(?) and I don't want insert #pragma GCC diagnostic warning

please cross check real catch at lib/widget/gauge.c

Signed-off-by: Andreas Mohr <and@…>

regex.c:1011:56: error: format string is not a string literal [-Wformat-nonliteral]
tty-ncurses.c:641:37: error: format string is not a string literal [-Wformat-nonliteral]
direntry.c:709:28: error: format string is not a string literal [-Wformat-nonliteral]
direntry.c:713:28: error: format string is not a string literal [-Wformat-nonliteral]
interface.c:870:30: error: format string is not a string literal [-Wformat-nonliteral]
strutil.c:267:38: error: format string is not a string literal [-Wformat-nonliteral]
gauge.c:118:67: error: data argument not used by format string [-Wformat-extra-args]
label.c:200:37: error: format string is not a string literal [-Wformat-nonliteral]
util.c:1453:57: error: format string is not a string literal [-Wformat-nonliteral]
util.c:1427:57: error: format string is not a string literal [-Wformat-nonliteral]
serialize.c:65:37: error: format string is not a string literal [-Wformat-nonliteral]
hotlist.c:1571:34: error: format string is not a string literal [-Wformat-nonliteral]
info.c:255:31: error: format string is not a string literal [-Werror,-Wformat-nonliteral]
cons.saver.c:213:52: warning: format string is not a string literal [-Wformat-nonliteral]
cons.saver.c:220:46: warning: format string is not a string literal [-Wformat-nonliteral]
fish.c:248:29: warning: format string is not a string literal [-Wformat-nonliteral]
fish.c:387:40: error: format string is not a string literal (potentially insecure) [-Wformat-security]
file.c:711:33: warning: format string is not a string literal [-Wformat-nonliteral]

Attachments

mc-3473-cleanup-format_nonliteral-warning.patch (13.5 KB) - added by and 10 years ago.

Change History

Changed 10 years ago by and

comment:1 follow-up: ↓ 2 Changed 9 years ago by and

bump
any comments? Nak? wait for 4.8.16?

At least have a look at lib/widget/gauge.c

comment:2 in reply to: ↑ 1 Changed 9 years ago by andrew_b

Replying to and:

At least have a look at lib/widget/gauge.c

Ok, did you test your patch yourself? The mc's behavior after this patch is very strange.

The correct patch is following:

diff --git a/lib/widget/gauge.c b/lib/widget/gauge.c
index 1909583..2253d6f 100644
--- a/lib/widget/gauge.c
+++ b/lib/widget/gauge.c
@@ -115,7 +115,7 @@ gauge_callback (Widget * w, Widget * sender, widget_msg_t msg, int parm, void *d
                 tty_setcolor (GAUGE_COLOR);
                 tty_printf ("%*s", columns, "");
                 tty_setcolor (h->color[DLG_COLOR_NORMAL]);
-                tty_printf ("] %3d%%", 100 * columns / gauge_len, percentage);
+                tty_printf ("] %3d%%", percentage);
             }
         }
         return MSG_HANDLED;

comment:3 Changed 9 years ago by and

Thanks for incorporate most cleanup code regarding non-literal warning.

In future I will split into smaller patch pieces for better regression test.
Should I "pollute" this ticket for non-literal warnings fixups or should all cleanup code requests going to cleanup ticket #3547 ?

comment:4 Changed 9 years ago by andrew_b

Most part of patch was applied. Remain parts look like following:

const char *error;

error = _("%s is not a directory\n");

fprintf (stderr, error, buffer);

In all cases this code is valid because we don't process untrusted strings. Therefore I want keep that as is.

comment:5 Changed 9 years ago by andrew_b

  • Status changed from new to closed
  • Resolution set to fixed
  • Milestone changed from Future Releases to 4.8.15
Note: See TracTickets for help on using tickets.