[Ocfs2-tools-devel] Compilation errors with -Werror=format-security
Jeremy Lainé
jeremy.laine at m4x.org
Mon Oct 10 11:56:56 PDT 2011
Le Oct 10, 2011 à 8:08 PM, Sunil Mushran a écrit :
> On 10/08/2011 12:21 AM, Jeremy Lainé wrote:
>> I am the maintainer for the Debian ocfs2-tools package, and am having trouble getting ocfs2-tools now that the default GCC options include "-Werror=format-security".
>>
>> The attached patch goes some way towards getting ocfs2-tools to compile, but I do not understand what the "query_run" method in "tunefs.ocfs2/op_query.c" does:
>>
>> query_fs = fs;
>> fprintf(stdout, fmt);
>> query_fs = NULL;
>>
>> => is "fmt" actually a format string, and if so, why does the fprintf call not have any arguments? Is fprintf being abused here?
>
> fmt is a format string which the user passes in.
> e.g.,
> tunefs.ocfs2 -Q "Blocksize = %B, Clustersize = %T\n" /dev/sda1
>
> http://www.gnu.org/s/hello/manual/libc/Customizing-Printf.html
>
> We currently use register_printf_function() which has since been
> deprecated. Converting it to register_printf_specifier() is in
> my TODO list.
>
OK, I wonder if there is a way to tell gcc that "fmt" is indeed a format string and no arguments are expected to silence the warning.
What's your stance on the actual patch I sent, do you want upstream ocfs2-tools to compile with -Werror=format-security or will it stay a Debian/Ubuntu-specific patch?
Actually on a more general note, our stash of patches is starting to grow, it might be worth merging a number of them:
http://anonscm.debian.org/viewvc/collab-maint/deb-maint/ocfs2-tools/trunk/debian/patches/
>
>>
>> Also, I noticed a number of snprintf calls of the form:
>>
>> snprintf (sysfile, sizeof(sysfile),
>> ocfs2_system_inodes[JOURNAL_SYSTEM_INODE].si_name, i);
>>
>> Is "ocfs2_system_inodes[JOURNAL_SYSTEM_INODE].si_name" actually a format string?
>
> Yes. Statically defined in include/ocfs2-kernel/ocfs2_fs.h. Is this causing
> problems with format-security?
Thanks I saw that afterwards. No, it's not causing a warning, it was just me looking at other uses of snprintf.
Thanks for your input so far!
Jeremy
More information about the Ocfs2-tools-devel
mailing list