Format security error


#1

Hi,
curently gnomevfs code fails to build with -Wformat
-Werror=format-security because of the following code in
gnomevfs-result.c

    GError* error = g_error_new(GNOME_VFS_ERROR, result,
                                gnome_vfs_result_to_string(result));

error is :

gnomevfs-result.c:50: error: format not a string literal and no format
arguments

I think it’s totally safe code as gnome_vfs_result_to_string actually
returns a const string nont containing any % but gcc doesn’t see that
far.

Is this OK to change the line to the following ?

    GError* error = g_error_new(GNOME_VFS_ERROR, result, "%s",
                                gnome_vfs_result_to_string(result));

It would allow to build with this option, which is used by default when
building Mandriva packages, and maybe some other distros, but would not
actually improve security.


#2

Hi,

In 1242651616.29549.5.camel@plop
“[ruby-gnome2-devel-en] format security error” on Mon, 18 May 2009
14:00:16 +0100,
Pascal T. removed_email_address@domain.invalid wrote:

arguments
It would allow to build with this option, which is used by default when
building Mandriva packages, and maybe some other distros, but would not
actually improve security.

Thanks for reporting.
I’ve applied your change into trunk.

P.S. I want to release Ruby-GNOME2 0.19.0. (development version)
Anyone know critical bugs on trunk?

Thanks,

kou


#3

Le mardi 19 mai 2009 à 21:28 +0900, Kouhei S. a écrit :

P.S. I want to release Ruby-GNOME2 0.19.0. (development version)
Anyone know critical bugs on trunk?

I think panel-applet2.rb does not get installed because of commit 3456

Real Makefiles are now generated in src/ and main/ so none installs the
content of lib/


#4

Hi,

In 1242742750.13848.2.camel@plop
“Re: [ruby-gnome2-devel-en] format security error” on Tue, 19 May 2009
15:19:10 +0100,
Pascal T. removed_email_address@domain.invalid wrote:

Le mardi 19 mai 2009 à 21:28 +0900, Kouhei S. a écrit :

P.S. I want to release Ruby-GNOME2 0.19.0. (development version)
Anyone know critical bugs on trunk?

I think panel-applet2.rb does not get installed because of commit 3456

Real Makefiles are now generated in src/ and main/ so none installs the
content of lib/

Thanks for reporting.
I’ve fixed it in trunk.

Thanks,

kou