Backport upstream Wformat-security fix
parent
e451de84b8
commit
dfc888e131
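--- a/format-security.patch
+++ b/format-security.patch
@@ -0,0 +1,48 @@
+From 2adb43c60afc6e98e94d86dad9f93d3df52862b1 Mon Sep 17 00:00:00 2001
+From: Sergei Trofimovich <slyich@gmail.com>
+Date: Mon, 1 Nov 2021 08:00:30 +0000
+Subject: src/cdda-player.c: always use "%s"-style format for printf()-style
+functions
+
+`ncuses-6.3` added printf-style function attributes and now makes
+it easier to catch cases when user input is used in palce of format
+string when built with CFLAGS=-Werror=format-security:
+
+cdda-player.c:1032:31:
+error: format not a string literal and no format arguments [-Werror=format-security]
+1032 | mvprintw(i_line++, 0, line);
+| ^~~~
+
+Let's wrap all the missing places with "%s" format.
+---
+src/cdda-player.c | 6 +++---
+1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/src/cdda-player.c b/src/cdda-player.c
+index 69eddee..8834d60 100644
+--- a/src/cdda-player.c
++++ b/src/cdda-player.c
+@@ -298,7 +298,7 @@ action(const char *psz_action)
+psz_action);
+else
+snprintf(psz_action_line, sizeof(psz_action_line), "%s", "" );
+- mvprintw(LINE_ACTION, 0, psz_action_line);
++ mvprintw(LINE_ACTION, 0, "%s", psz_action_line);
+clrtoeol();
+refresh();
+}
+@@ -1029,10 +1029,10 @@ display_tracks(void)
+}
+if (sub.track == i) {
+attron(A_STANDOUT);
+- mvprintw(i_line++, 0, line);
++ mvprintw(i_line++, 0, "%s", line);
+attroff(A_STANDOUT);
+} else
+- mvprintw(i_line++, 0, line);
++ mvprintw(i_line++, 0, "%s", line);
+clrtoeol();
+}
+}
+--
+cgit v1.1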
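Review bot: The three `mvprintw` sites patched here are only the ones `-Wformat-security` reports, and that warning fires solely for a non-literal format with no arguments (see the quoted error for line 1032), so a call that passes a variable format together with arguments would still compile cleanly. A one-off build of `src/cdda-player.c` with `-Wformat=2`, which also turns on `-Wformat-nonliteral`, would confirm that no such call is left in the file. `line` is built outside the visible context of `display_tracks()`; if it can carry text read from the disc, the `"%s"` form is what stops a `%` in that text from being parsed as a conversion. Both `action()` and `display_tracks()` start outside their hunks, so the rest of each body was not reviewed.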
@ -8,6 +8,9 @@ Source0: http://ftp.gnu.org/gnu/libcdio/libcdio-%{version}.tar.bz2
|
|||||||
Source1: http://ftp.gnu.org/gnu/libcdio/libcdio-%{version}.tar.bz2.sig
|
Source1: http://ftp.gnu.org/gnu/libcdio/libcdio-%{version}.tar.bz2.sig
|
||||||
Source2: libcdio-no_date_footer.hml
|
Source2: libcdio-no_date_footer.hml
|
||||||
Source3: cdio_config.h
|
Source3: cdio_config.h
|
||||||
|
# Fixed upstream but not in a stable release yet.
|
||||||
|
# http://git.savannah.gnu.org/cgit/libcdio.git/commit/?id=2adb43c60afc6e98e94d86dad9f93d3df52862b1
|
||||||
|
Patch: format-security.patch
|
||||||
BuildRequires: gcc gcc-c++
|
BuildRequires: gcc gcc-c++
|
||||||
BuildRequires: pkgconfig doxygen
|
BuildRequires: pkgconfig doxygen
|
||||||
BuildRequires: ncurses-devel
|
BuildRequires: ncurses-devel
|
||||||
@ -30,7 +33,7 @@ This package contains header files and libraries for %{name}.
|
|||||||
|
|
||||||
|
|
||||||
%prep
|
%prep
|
||||||
%setup -q
|
%autosetup -p1
|
||||||
|
|
||||||
iconv -f ISO88591 -t utf-8 -o THANKS.utf8 THANKS && mv THANKS.utf8 THANKS
|
iconv -f ISO88591 -t utf-8 -o THANKS.utf8 THANKS && mv THANKS.utf8 THANKS
|
||||||
|
|
||||||
|
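Review bot: `%prep` still goes directly to unpacking (`%autosetup -p1`), so the detached signature listed as `Source1` is never checked against the tarball named by `Source0`, which is an `http://` URL. A verification step placed before `%autosetup`, for example `%{gpgverify} --keyring='%{SOURCE<N>}' --signature='%{SOURCE1}' --data='%{SOURCE0}'` with `<N>` standing for an upstream keyring added as a further source and `BuildRequires: gnupg2`, would make the build fail on a tampered tarball. The new comment above `Patch:` could likewise cite the upstream commit with `https://` so the patch's provenance can be re-checked over an authenticated channel. Only two hunks of the spec are visible, so a check elsewhere cannot be ruled out, but none appears between `%prep` and `%autosetup`.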