[Ocfs2-tools-devel] Compilation errors with -Werror=format-security
Sunil Mushran
sunil.mushran at oracle.com
Mon Oct 10 11:08:24 PDT 2011
On 10/08/2011 12:21 AM, Jeremy Lainé wrote:
> I am the maintainer for the Debian ocfs2-tools package, and am having trouble getting ocfs2-tools now that the default GCC options include "-Werror=format-security".
>
> The attached patch goes some way towards getting ocfs2-tools to compile, but I do not understand what the "query_run" method in "tunefs.ocfs2/op_query.c" does:
>
> query_fs = fs;
> fprintf(stdout, fmt);
> query_fs = NULL;
>
> => is "fmt" actually a format string, and if so, why does the fprintf call not have any arguments? Is fprintf being abused here?
fmt is a format string which the user passes in.
e.g.,
tunefs.ocfs2 -Q "Blocksize = %B, Clustersize = %T\n" /dev/sda1
http://www.gnu.org/s/hello/manual/libc/Customizing-Printf.html
We currently use register_printf_function() which has since been
deprecated. Converting it to register_printf_specifier() is in
my TODO list.
>
> Also, I noticed a number of snprintf calls of the form:
>
> snprintf (sysfile, sizeof(sysfile),
> ocfs2_system_inodes[JOURNAL_SYSTEM_INODE].si_name, i);
>
> Is "ocfs2_system_inodes[JOURNAL_SYSTEM_INODE].si_name" actually a format string?
Yes. Statically defined in include/ocfs2-kernel/ocfs2_fs.h. Is this causing
problems with format-security?
More information about the Ocfs2-tools-devel
mailing list