[PATCH] Avoid -Wformat=security failures with --disable-nls

Pádraig Brady Fri, 17 Jan 2025 05:06:14 -0800

I suspect commit 6f6cc5e "Use the translation domain gnulib"
triggered the following -Werror=format-security issue with ./configure 
--disable-nls,
due to the redefinition of _(), but the attached works around the issue for 
coreutils at least.


  lib/xmemcoll.c:39:3: error: format not a string literal and no format 
arguments [-Werror=format-security]
     39 |   error (0, collation_errno, _("string comparison failed"));


cheers,
Pádraig

From 2481e7a50d6535582856626b53009f419e2e05e2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?P=C3=A1draig=20Brady?= <p...@draigbrady.com>
Date: Fri, 17 Jan 2025 13:01:40 +0000
Subject: [PATCH] Avoid -Wformat=security failures with --disable-nls

This was noticed with GCC 14.

* lib/xmemcoll.c: Always use format arguments.
* lib/xprintf.c: Likewise.
---
 ChangeLog      | 7 +++++++
 lib/xmemcoll.c | 4 ++--
 lib/xprintf.c  | 4 ++--
 3 files changed, 11 insertions(+), 4 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 8a77ff50a8..f80d7579c0 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,10 @@
+2025-01-17  Pádraig Brady  <p...@draigbrady.com>
+
+	Avoid -Wformat=security failures with --disable-nls
+	This was noticed with GCC 14.
+	* lib/xmemcoll.c: Always use format arguments.
+	* lib/xprintf.c: Likewise.
+
 2025-01-16  Paul Eggert  <egg...@cs.ucla.edu>
 
 	crc-x86_64: fix unaligned access
diff --git a/lib/xmemcoll.c b/lib/xmemcoll.c
index d1b141c9e0..c0ac7c4863 100644
--- a/lib/xmemcoll.c
+++ b/lib/xmemcoll.c
@@ -36,8 +36,8 @@ collate_error (int collation_errno,
                char const *s1, size_t s1len,
                char const *s2, size_t s2len)
 {
-  error (0, collation_errno, _("string comparison failed"));
-  error (0, 0, _("Set LC_ALL='C' to work around the problem."));
+  error (0, collation_errno, "%s", _("string comparison failed"));
+  error (0, 0, "%s", _("Set LC_ALL='C' to work around the problem."));
   error (exit_failure, 0,
          _("The strings compared were %s and %s."),
          quotearg_n_style_mem (0, locale_quoting_style, s1, s1len),
diff --git a/lib/xprintf.c b/lib/xprintf.c
index 790af5320b..4d9a3e5e4d 100644
--- a/lib/xprintf.c
+++ b/lib/xprintf.c
@@ -45,7 +45,7 @@ xvprintf (char const *restrict format, va_list args)
 {
   off64_t retval = vzprintf (format, args);
   if (retval < 0 && ! ferror (stdout))
-    error (exit_failure, errno, _("cannot perform formatted output"));
+    error (exit_failure, errno, "%s", _("cannot perform formatted output"));
 
   return retval;
 }
@@ -67,7 +67,7 @@ xvfprintf (FILE *restrict stream, char const *restrict format, va_list args)
 {
   off64_t retval = vfzprintf (stream, format, args);
   if (retval < 0 && ! ferror (stream))
-    error (exit_failure, errno, _("cannot perform formatted output"));
+    error (exit_failure, errno, "%s", _("cannot perform formatted output"));
 
   return retval;
 }
-- 
2.47.1

[PATCH] Avoid -Wformat=security failures with --disable-nls

Reply via email to