#304 Fix fprintf format security warnings for halibut

Milestone: 3.x Stable
Status: closed-accepted
Owner: nobody
Labels: None
Priority: 5
Updated: 2021-10-07
Created: 2021-10-04
Creator: f0rt
Private: No

If the format security warnings of the (GNU) compiler are made fatal via the -Werror=format-security option then the compilation of halibut is going to fail.

Docs/src/bin/halibut/bk_xhtml.c: In function 'xhtml_doheader':
Docs/src/bin/halibut/bk_xhtml.c:1519:23: error: format not a string literal and no format arguments [-Werror=format-security]
 1519 |   fprintf(fp, html5 ? "<!DOCTYPE html>\n" : xhtml ? xhtmldoctype : html4doctype);
      |                       ^~~~~~~~~~~~~~~~~~~
cc1: some warnings being treated as errors

The fprintf function expects the following arguments: output stream, format string and subsequent arguments as specified in the format string.

fprintf(fp, "%s", string) should be used instead of fprintf(fp, string) to be safe and compliant. However, fputs is more efficient in these cases and, as a consequence, it was used instead in the attached patch.

1 Attachments
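
Added example, not part of the ticket or the attached patch: the three call shapes discussed above, compared on the ticket's doctype literal and on a constructed string containing "%%". The names emit and same_output and the sample strings are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* The first call shape below is the one -Wformat-security flags; silence the
 * diagnostic so it still compiles under -Werror=format-security. */
#pragma GCC diagnostic ignored "-Wformat-security"

enum emit_mode { EMIT_AS_FORMAT, EMIT_PERCENT_S, EMIT_FPUTS };

/* Write s to a temporary stream with the selected call, then read back what
 * was written into out (outlen >= 1). Returns bytes read, or -1 on failure. */
static long emit(enum emit_mode mode, const char *s, char *out, size_t outlen)
{
    FILE *fp = tmpfile();
    size_t n;

    if (fp == NULL)
        return -1;
    switch (mode) {
    case EMIT_AS_FORMAT: fprintf(fp, s);       break; /* s is parsed as a format */
    case EMIT_PERCENT_S: fprintf(fp, "%s", s); break; /* s is plain data */
    case EMIT_FPUTS:     fputs(s, fp);         break; /* plain data, no parsing */
    }
    rewind(fp);
    n = fread(out, 1, outlen - 1, fp);
    out[n] = '\0';
    fclose(fp);
    return (long)n;
}

/* 1 if all three calls write identical bytes for s, 0 if not, -1 on error. */
static int same_output(const char *s)
{
    char a[128], b[128], c[128];
    if (emit(EMIT_AS_FORMAT, s, a, sizeof a) < 0 ||
        emit(EMIT_PERCENT_S, s, b, sizeof b) < 0 ||
        emit(EMIT_FPUTS, s, c, sizeof c) < 0)
        return -1;
    return strcmp(a, b) == 0 && strcmp(b, c) == 0;
}

int main(void)
{
    /* Constructed inputs: the literal from the ticket, and a string with "%%". */
    printf("doctype identical: %d\n", same_output("<!DOCTYPE html>\n"));
    printf("with %%%% identical: %d\n", same_output("<td width=\"50%%\">\n"));
    return 0;
}
```

For a string with no % characters all three calls write the same bytes; once the string contains "%%", only the fprintf(fp, string) form collapses it to a single %.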

Discussion

  • Anders - 2021-10-05

    Too bad the compiler does not bother looking at the strings. The code is already "safe and compliant", there is no user controlled input and there are no % formatting characters.

     
  • Anders - 2021-10-07
    • status: open --> closed-accepted
     
