tags 654263 +patch
thanks
https://buildd.debian.org/status/package.php?p=mlview&suite=sid
<https://buildd.debian.org/status/package.php?p=mlview&suite=sid>
The build failure was seen on armhf, but I have reproduced it on a sid
amd64 system, hence the severity raise to serious.
I attach two patches that between them make the package build.
Just drop them in debian/patches (the package uses simple-patchsys).
The first patch fixes the format-string security issues (message strings
passed as the format argument). The second fixes an error about
UString::UString referring to the constructor rather than the class.
diff -ur mlview-0.9.0/src/mlview-app-context.cc mlview-0.9.0.new/src/mlview-app-context.cc
--- mlview-0.9.0/src/mlview-app-context.cc 2005-08-07 07:42:28.000000000 +0000
+++ mlview-0.9.0.new/src/mlview-app-context.cc 2012-01-06 22:14:46.000000000 +0000
@@ -724,7 +724,7 @@
if (warning_msg) {
mlview_utils_display_warning_dialog ((const gchar*)warning_msg) ;
} else if (warning_msg) {
- g_printerr (warning_msg);
+ g_printerr ("%s",warning_msg);
}
if (warning_msg) {
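Review bot: The `else if (warning_msg)` branch that now holds `g_printerr ("%s",warning_msg);` repeats the condition of the `if` above it, so it can never run and the stderr fallback is dead code. The second condition was presumably meant to test something else, such as whether a dialog can be shown; that cannot be confirmed here because the function starts and ends outside the hunk. Separately, if `mlview_utils_display_warning_dialog` takes a printf-style format (its signature is not visible on this page), the call on the context line above still passes `warning_msg` as the format and would want `mlview_utils_display_warning_dialog ("%s", (const gchar*)warning_msg) ;`.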
diff -ur mlview-0.9.0/src/mlview-utils.cc mlview-0.9.0.new/src/mlview-utils.cc
--- mlview-0.9.0/src/mlview-utils.cc 2005-08-07 07:42:29.000000000 +0000
+++ mlview-0.9.0.new/src/mlview-utils.cc 2012-01-07 00:04:55.000000000 +0000
@@ -4410,7 +4410,7 @@
err_dialog = gtk_message_dialog_new (NULL, GTK_DIALOG_MODAL,
a_msg_type,
GTK_BUTTONS_CLOSE,
- err_msg) ;
+ "%s",err_msg) ;
g_return_if_fail (err_dialog) ;
gtk_dialog_set_default_response
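Review bot: The added argument is written `"%s",err_msg` with no space after the comma, while the other arguments of this call are separated by a space or a line break; `"%s", err_msg) ;` keeps the file's spacing. The same applies to `g_printerr ("%s",warning_msg);` in mlview-app-context.cc and `g_warning ("%s",error->message);` in egg-recent-model.c. A short comment such as `/* err_msg is data, not a format: keep the "%s" */` would stop a later cleanup from folding the literal back out. The enclosing function starts and ends outside the hunk.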
diff -ur mlview-0.9.0/src/recent-files/egg-recent-model.c mlview-0.9.0.new/src/recent-files/egg-recent-model.c
--- mlview-0.9.0/src/recent-files/egg-recent-model.c 2005-03-17 20:48:58.000000000 +0000
+++ mlview-0.9.0.new/src/recent-files/egg-recent-model.c 2012-01-06 22:07:14.000000000 +0000
@@ -735,7 +735,7 @@
error = NULL;
if (!g_markup_parse_context_parse (ctx, content, strlen (content),
&error)) {
- g_warning (error->message);
+ g_warning ("%s",error->message);
g_error_free (error);
error = NULL;
goto out;
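Review bot: Nothing on the new `g_warning ("%s",error->message);` line records why the literal format is needed. The message is produced by the GMarkup parser for `content`, and such messages can quote parts of the parsed text, so it has to be treated as data rather than as a format. A comment like `/* parser message may echo file content; never use it as the format */` above the call would document that. The enclosing function starts and ends outside the hunk.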
diff -ur mlview-0.9.0/src/mlview-ustring.cc mlview-0.9.0.new/src/mlview-ustring.cc
--- mlview-0.9.0/src/mlview-ustring.cc 2005-07-31 19:16:16.000000000 +0000
+++ mlview-0.9.0.new/src/mlview-ustring.cc 2012-01-06 22:13:32.000000000 +0000
@@ -59,7 +59,7 @@
UString::~UString ()
{}
-UString::UString&
+UString&
UString::operator= (const char *a_cstr)
{
if (!a_cstr)