[Therion] Hardening flags cause build failure
Wookey
wookey at wookware.org
Wed Oct 9 19:24:54 CEST 2013
I fixed a bug that was stopping the default hardening flags in Debian
actaully being used.
It turns out that using them breaks the build, specifically setting
-Werror=format-security:
from the log:
c++ -c -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security -Wall -DTHLINUX -O2 -o thpoint.o thpoint.cxx
thpoint.cxx: In member function ‘virtual bool thpoint::export_mp(thexpmapmpxs*)’:
thpoint.cxx:657:89: error: format not a string literal and no format arguments [-Werror=format-security]
The code is:
if (!thisnan(this->xsize)) {
//if (double(int(this->xsize)) != this->xsize)
// sprintf(buff,"%.1f",this->xsize);
//else
// sprintf(buff,"%.0f",this->xsize);
fprintf(out->file,utf2tex(out->layout->units.format_human_length(this->xsize)));
}
I don't understand this beyond the issue being that a format string
really should be supplied, otherwise it's a security risk, and it's not
being. Can someone supply a fix please?
Wookey
--
Principal hats: Linaro, Emdebian, Wookware, Balloonboard, ARM
http://wookware.org/
More information about the Therion
mailing list