Forum: Ruby-Gnome 2 format security error

Announcement (2017-05-07): www.ruby-forum.com is now read-only since I unfortunately do not have the time to support and maintain the forum any more. Please see rubyonrails.org/community and ruby-lang.org/en/community for other Rails- und Ruby-related community platforms.
410b48431c65b22d7ae941abd79ac89d?d=identicon&s=25 Pascal Terjan (Guest)
on 2009-05-18 14:52
(Received via mailing list)
Hi,
curently gnomevfs code fails to build with -Wformat
-Werror=format-security because of the following code in
gnomevfs-result.c

        GError* error = g_error_new(GNOME_VFS_ERROR, result,
                                    gnome_vfs_result_to_string(result));

error is :

gnomevfs-result.c:50: error: format not a string literal and no format
arguments

I think it's totally safe code as gnome_vfs_result_to_string actually
returns a const string nont containing any % but gcc doesn't see that
far.

Is this OK to change the line to the following ?

        GError* error = g_error_new(GNOME_VFS_ERROR, result, "%s",
                                    gnome_vfs_result_to_string(result));

It would allow to build with this option, which is used by default when
building Mandriva packages, and maybe some other distros, but would not
actually improve security.
Ee6ffca720cc428d70247dcd7377dd48?d=identicon&s=25 Kouhei Sutou (Guest)
on 2009-05-19 14:46
(Received via mailing list)
Hi,

In <1242651616.29549.5.camel@plop>
  "[ruby-gnome2-devel-en] format security error" on Mon, 18 May 2009
14:00:16 +0100,
  Pascal Terjan <pterjan@linuxfr.org> wrote:

> arguments
> It would allow to build with this option, which is used by default when
> building Mandriva packages, and maybe some other distros, but would not
> actually improve security.

Thanks for reporting.
I've applied your change into trunk.


P.S. I want to release Ruby-GNOME2 0.19.0. (development version)
Anyone know critical bugs on trunk?


Thanks,
--
kou
410b48431c65b22d7ae941abd79ac89d?d=identicon&s=25 Pascal Terjan (Guest)
on 2009-05-19 15:23
(Received via mailing list)
Le mardi 19 mai 2009 à 21:28 +0900, Kouhei Sutou a écrit :

> P.S. I want to release Ruby-GNOME2 0.19.0. (development version)
> Anyone know critical bugs on trunk?

I think panel-applet2.rb does not get installed because of commit 3456

Real Makefiles are now generated in src/ and main/ so none installs the
content of lib/
Ee6ffca720cc428d70247dcd7377dd48?d=identicon&s=25 Kouhei Sutou (Guest)
on 2009-05-21 13:56
(Received via mailing list)
Hi,

In <1242742750.13848.2.camel@plop>
  "Re: [ruby-gnome2-devel-en] format security error" on Tue, 19 May 2009
15:19:10 +0100,
  Pascal Terjan <pterjan@linuxfr.org> wrote:

> Le mardi 19 mai 2009 à 21:28 +0900, Kouhei Sutou a écrit :
>
>> P.S. I want to release Ruby-GNOME2 0.19.0. (development version)
>> Anyone know critical bugs on trunk?
>
> I think panel-applet2.rb does not get installed because of commit 3456
>
> Real Makefiles are now generated in src/ and main/ so none installs the
> content of lib/

Thanks for reporting.
I've fixed it in trunk.


Thanks,
--
kou
This topic is locked and can not be replied to.