Bug#661381: libberkeleydb-perl: FTBFS with hardening flags enabled: -Werror=format-security

Dominic Hargreaves Sun, 26 Feb 2012 12:06:18 -0800

Source: libberkeleydb-perl
Severity: normal
Version: 0.49-1

With hardening flags enabled, this package FTBFS:


BerkeleyDB.xs: In function 'softCrash':
BerkeleyDB.xs:948:5: error: format not a string literal and no format arguments 
[-Werror=format-security]

(this is the first error of this type seen: it's possible that there
could be others once this is fixed).

A likely fix is to change croak(var) to croak("%s", var)[1].

Note that I haven't verified whether an externally-controlled string is
used; if so, it would be appropriate to upgrade this bug RC severity
with the security tag[2].

Thanks,
Dominic.

[1] <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=657853#92>
[2] <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=657853#117>

-- 
Dominic Hargreaves | http://www.larted.org.uk/~dom/
PGP key 5178E2A5 from the.earth.li (keyserver,web,email)



-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#661381: libberkeleydb-perl: FTBFS with hardening flags enabled: -Werror=format-security

Reply via email to