Bugzilla – Full Text Bug Listing
| Summary: | [GTK] os.c:13161:2: warning: format not a string literal and no format arguments [-Wformat-security] | ||||||
|---|---|---|---|---|---|---|---|
| Product: | [Eclipse Project] Platform | Reporter: | أحمد المحمودي <aelmahmoudy> | ||||
| Component: | SWT | Assignee: | Markus Keller <markus.kell.r> | ||||
| Status: | VERIFIED FIXED | QA Contact: | |||||
| Severity: | normal | ||||||
| Priority: | P3 | CC: | akurtakov, arunkumar.thondapu, eclipse.felipe, grant_gayed, markus.kell.r, sravankumarl | ||||
| Version: | 3.7.1 | ||||||
| Target Milestone: | 4.6 M7 | ||||||
| Hardware: | PC | ||||||
| OS: | Linux | ||||||
| Whiteboard: | |||||||
| Attachments: |
|
||||||
Can you explain the problem ? Note that os.c is auto-generate, changing this code directly is wrong. You need to change the OS.java from where the os.c file generated from. This is referring to the warning that is spewed when compiling the swt lib. Here's the native build warning:
[exec] os.c: In function ‘Java_org_eclipse_swt_internal_gtk_OS__1gtk_1message_1dialog_1new’:
[exec] os.c:13161:2: warning: format not a string literal and no format arguments [-Wformat-security]
[exec] rc = (jintLong)gtk_message_dialog_new((GtkWindow *)arg0, (GtkDialogFlags)arg1, (GtkMessageType)arg2, (GtkButtonsType)arg3, (const gchar *)lparg4);
[exec] ^
The hack for bug 77983 was to add MessageBox#fixPercent(String), but that's a lot of unnecessary code.
The right fix is to remove MessageBox#fixPercent(String) and instead call gtk_message_dialog_new () with "%s" and the actual message as separate arguments.
(In reply to Markus Keller from comment #4) > Fixed with > http://git.eclipse.org/c/platform/eclipse.platform.swt.git/commit/ > ?id=b85b74162ec3dcda5668021f61b12b395db3fd74 Should format-security be added to CFLAGS to make sure this doesn't happen in the future? (In reply to Alexander Kurtakov from comment #5) > Should format-security be added to CFLAGS to make sure this doesn't happen > in the future? No, see https://fedoraproject.org/wiki/Format-Security-FAQ . The warning was actually helpful to reveal this problem and fix it the right way. (In reply to Markus Keller from comment #6) > (In reply to Alexander Kurtakov from comment #5) > > Should format-security be added to CFLAGS to make sure this doesn't happen > > in the future? > > No, see https://fedoraproject.org/wiki/Format-Security-FAQ . The warning was > actually helpful to reveal this problem and fix it the right way. So I'm proposing adding -Werror=format-security as this page suggests so we ensure that there is compile failure to prevent such issues in the future. Verified on Ubuntu Mate 16.04 with I20160426-1615 |
Created attachment 204356 [details] Fix FTBFS with -Werror=format-security compiler flag set Eclipse build id or SWT version: SWT 3.7.1 Platform(s) tested on: Debian unstable Snippet title: Fix FTBFS with -Werror=format-security compiler flag set Snippet code: --- a/os.c +++ b/os.c @@ -10830,7 +10830,7 @@ jintLong rc = 0; OS_NATIVE_ENTER(env, that, _1gtk_1message_1dialog_1new_FUNC); if (arg4) if ((lparg4 = (*env)->GetByteArrayElements(env, arg4, NULL)) == NULL) goto fail; - rc = (jintLong)gtk_message_dialog_new((GtkWindow *)arg0, (GtkDialogFlags)arg1, (GtkMessageType)arg2, (GtkButtonsType)arg3, (const gchar *)lparg4); + rc = (jintLong)gtk_message_dialog_new((GtkWindow *)arg0, (GtkDialogFlags)arg1, (GtkMessageType)arg2, (GtkButtonsType)arg3, "%s", (const gchar *)lparg4); fail: if (arg4 && lparg4) (*env)->ReleaseByteArrayElements(env, arg4, lparg4, 0); OS_NATIVE_EXIT(env, that, _1gtk_1message_1dialog_1new_FUNC);