Control: tags -1 + patch bookworm sid Am 19.09.2021 um 09:13 schrieb Helmut Grohne:
> Source: gdisk > Version: 1.0.8-3 > Severity: serious > Tags: ftbfs > > > gdisk fails to build from source in unstable on amd64. A build ends as > follows: > > | x86_64-linux-gnu-g++ -g -O2 > | -ffile-prefix-map=/<<PKGBUILDDIR>>=. -fstack-protector-strong > | -Wformat -Werror=format-security -Wall -D_FILE_OFFSET_BITS=64 > | -Wdate-time -D_FORTIFY_SOURCE=2 -c -o gptcurses.o gptcurses.cc > | gptcurses.cc: In member function ‘Space* GPTDataCurses::ShowSpace(int, > int)’: > | gptcurses.cc:242:87: error: format not a string literal and no format > arguments [-Werror=format-security] > | 242 | printw(BytesToIeee((space->lastLBA - space->firstLBA + 1), > blockSize).c_str()); > | | > ^ > | gptcurses.cc:249:87: error: format not a string literal and no format > arguments [-Werror=format-security] > | 249 | printw(BytesToIeee((space->lastLBA - space->firstLBA + 1), > blockSize).c_str()); > | | > ^ > | gptcurses.cc:251:55: error: format not a string literal and no format > arguments [-Werror=format-security] > | 251 | printw(space->origPart->GetTypeName().c_str()); > | | ^ > | gptcurses.cc:257:58: error: format not a string literal and no format > arguments [-Werror=format-security] > | 257 | printw(space->origPart->GetDescription().c_str()); > | | ^ > | gptcurses.cc: In member function ‘int GPTDataCurses::DisplayParts(int)’: > | gptcurses.cc:274:26: error: format not a string literal and no format > arguments [-Werror=format-security] > | 274 | printw(theLine.c_str()); > | | ^ > | gptcurses.cc:277:26: error: format not a string literal and no format > arguments [-Werror=format-security] > | 277 | printw(theLine.c_str()); > | | ^ > | gptcurses.cc: In member function ‘void GPTDataCurses::ShowInfo(int)’: > | gptcurses.cc:336:29: warning: format ‘%lld’ expects argument of type > | ‘long long int’, but argument 2 has type ‘uint64_t’ {aka ‘long > | unsigned int’} [-Wformat=] > | 336 | printw("First sector: %lld (at %s)\n", > partitions[partNum].GetFirstLBA(), > | | ~~~^ > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > | | | > | > | | long long int > uint64_t {aka long unsigned int} > | | %ld > | gptcurses.cc:338:28: warning: format ‘%lld’ expects argument of type > | ‘long long int’, but argument 2 has type ‘uint64_t’ {aka ‘long > | unsigned int’} [-Wformat=] > | 338 | printw("Last sector: %lld (at %s)\n", > partitions[partNum].GetLastLBA(), > | | ~~~^ > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > | | | > | > | | long long int > uint64_t {aka long unsigned int} > | | %ld > | gptcurses.cc:341:31: warning: format ‘%lld’ expects argument of type > | ‘long long int’, but argument 2 has type ‘uint64_t’ {aka ‘long > | unsigned int’} [-Wformat=] > | 341 | printw("Partition size: %lld sectors (%s)\n", size, > BytesToIeee(size, blockSize).c_str()); > | | ~~~^ ~~~~ > | | | | > | | long long int uint64_t {aka long > unsigned int} > | | %ld > | gptcurses.cc:342:33: warning: format ‘%x’ expects argument of type > | ‘unsigned int’, but argument 2 has type ‘uint64_t’ {aka ‘long > | unsigned int’} [-Wformat=] > | 342 | printw("Attribute flags: %016x\n", > partitions[partNum].GetAttributes().GetAttributes()); > | | ~~~~^ > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > | | | > | > | | unsigned int uint64_t {aka > | | long unsigned int} > | | %016lx > | gptcurses.cc: In member function ‘void GPTDataCurses::MakeNewPart()’: > | gptcurses.cc:444:32: warning: format ‘%lld’ expects argument of type > | ‘long long int’, but argument 2 has type ‘uint64_t’ {aka ‘long > | unsigned int’} [-Wformat=] > | 444 | printw("First sector (%lld-%lld, default = %lld): ", > newFirstLBA, currentSpace->lastLBA, newFirstLBA); > | | ~~~^ > ~~~~~~~~~~~ > | | | | > | | long long int uint64_t > {aka long unsigned int} > | | %ld > | gptcurses.cc:444:37: warning: format ‘%lld’ expects argument of type > | ‘long long int’, but argument 3 has type ‘uint64_t’ {aka ‘long > | unsigned int’} [-Wformat=] > | 444 | printw("First sector (%lld-%lld, default = %lld): ", > newFirstLBA, currentSpace->lastLBA, newFirstLBA); > | | ~~~^ > ~~~~~~~~~~~~~~~~~~~~~ > | | | > | > | | long long int uint64_t > | | {aka long unsigned int} > | | %ld > | gptcurses.cc:444:53: warning: format ‘%lld’ expects argument of type > | ‘long long int’, but argument 4 has type ‘uint64_t’ {aka ‘long > | unsigned int’} [-Wformat=] > | 444 | printw("First sector (%lld-%lld, default = %lld): ", > newFirstLBA, currentSpace->lastLBA, newFirstLBA); > | | ~~~^ > ~~~~~~~~~~~ > | | | > | > | | long long int > | | uint64_t {aka long unsigned int} > | | %ld > | gptcurses.cc:455:56: warning: format ‘%lld’ expects argument of type > | ‘long long int’, but argument 2 has type ‘uint64_t’ {aka ‘long > | unsigned int’} [-Wformat=] > | 455 | printw("Size in sectors or {KMGTP} (default = %lld): ", size); > | | ~~~^ ~~~~ > | | | | > | | | > uint64_t {aka long unsigned int} > | | long long int > | | %ld > | gptcurses.cc: In member function ‘void GPTDataCurses::DisplayOptions(char)’: > | gptcurses.cc:639:32: error: format not a string literal and no format > arguments [-Werror=format-security] > | 639 | printw(optionDesc.c_str()); > | | ^ > | gptcurses.cc: In member function ‘void GPTDataCurses::DrawMenu()’: > | gptcurses.cc:751:24: error: format not a string literal and no format > arguments [-Werror=format-security] > | 751 | printw(title.c_str()); > | | ^ > | gptcurses.cc:753:24: error: format not a string literal and no format > arguments [-Werror=format-security] > | 753 | printw(drive.c_str()); > | | ^ > | gptcurses.cc:755:29: error: format not a string literal and no format > arguments [-Werror=format-security] > | 755 | printw(size.str().c_str()); > | | ^ > | gptcurses.cc: In function ‘void Report(std::string)’: > | gptcurses.cc:805:26: error: format not a string literal and no format > arguments [-Werror=format-security] > | 805 | printw(theText.c_str()); > | | ^ > | cc1plus: some warnings being treated as errors > | make[2]: *** [<builtin>: gptcurses.o] Error 1 > | make[2]: Leaving directory '/<<PKGBUILDDIR>>' > | dh_auto_build: error: make -j1 "INSTALL=install --strip-program=true" > CXX=x86_64-linux-gnu-g\+\+ returned exit code 2 > | make[1]: *** [debian/rules:17: override_dh_auto_build] Error 25 > | make[1]: Leaving directory '/<<PKGBUILDDIR>>' > | make: *** [debian/rules:30: binary] Error 2 > | dpkg-buildpackage: error: debian/rules binary subprocess returned exit > status 2 > > Very likely, this is due to the recent ncurses upload which improved > security annotations of function declarations. Indeed, that had been requested in #993179. The solution is to add "%s" as first argument to the printw call in all these cases, see the attached patch.
From 9fdc28cecc648ba4487109153b054dce72594160 Mon Sep 17 00:00:00 2001 From: Sven Joachim <svenj...@gmx.de> Date: Wed, 13 Oct 2021 17:21:14 +0200 Subject: [PATCH] Fix string format errors with recent ncurses --- gptcurses.cc | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/gptcurses.cc b/gptcurses.cc index 1fbaad2..b9402cd 100644 --- a/gptcurses.cc +++ b/gptcurses.cc @@ -239,22 +239,22 @@ Space* GPTDataCurses::ShowSpace(int spaceNum, int lineNum) { ClearLine(lineNum); if (space->partNum == -1) { // space is empty move(lineNum, 12); - printw(BytesToIeee((space->lastLBA - space->firstLBA + 1), blockSize).c_str()); + printw("%s", BytesToIeee((space->lastLBA - space->firstLBA + 1), blockSize).c_str()); move(lineNum, 24); printw("free space"); } else { // space holds a partition move(lineNum, 3); printw("%d", space->partNum + 1); move(lineNum, 12); - printw(BytesToIeee((space->lastLBA - space->firstLBA + 1), blockSize).c_str()); + printw("%s", BytesToIeee((space->lastLBA - space->firstLBA + 1), blockSize).c_str()); move(lineNum, 24); - printw(space->origPart->GetTypeName().c_str()); + printw("%s", space->origPart->GetTypeName().c_str()); move(lineNum, 50); #ifdef USE_UTF16 space->origPart->GetDescription().extract(0, 39, temp, 39); printw(temp); #else - printw(space->origPart->GetDescription().c_str()); + printw("%s", space->origPart->GetDescription().c_str()); #endif } // if/else } // if @@ -271,10 +271,10 @@ int GPTDataCurses::DisplayParts(int selected) { move(lineNum++, 0); theLine = "Part. # Size Partition Type Partition Name"; - printw(theLine.c_str()); + printw("%s", theLine.c_str()); move(lineNum++, 0); theLine = "----------------------------------------------------------------"; - printw(theLine.c_str()); + printw("%s", theLine.c_str()); numToShow = LINES - RESERVED_TOP - RESERVED_BOTTOM; pageNum = selected / numToShow; for (i = pageNum * numToShow; i <= (pageNum + 1) * numToShow - 1; i++) { @@ -636,7 +636,7 @@ void GPTDataCurses::DisplayOptions(char selectedKey) { } // if/else } // for move(LINES - 1, (COLS - optionDesc.length()) / 2); - printw(optionDesc.c_str()); + printw("%s", optionDesc.c_str()); currentKey = selectedKey; } // if } // GPTDataCurses::DisplayOptions() @@ -748,11 +748,11 @@ void GPTDataCurses::DrawMenu(void) { clear(); move(0, (COLS - title.length()) / 2); - printw(title.c_str()); + printw("%s", title.c_str()); move(2, (COLS - drive.length()) / 2); - printw(drive.c_str()); + printw("%s", drive.c_str()); move(3, (COLS - size.str().length()) / 2); - printw(size.str().c_str()); + printw("%s", size.str().c_str()); DisplayParts(currentSpaceNum); } // DrawMenu @@ -802,7 +802,7 @@ void PromptToContinue(void) { void Report(string theText) { clear(); move(0, 0); - printw(theText.c_str()); + printw("%s", theText.c_str()); move(LINES - 2, (COLS - 29) / 2); printw("Press any key to continue...."); cbreak(); -- 2.33.0