
A fresh -Wformat-security issue under r-devel #1287

@eddelbuettel

Update 2023-11-28: If you came here because of a similar message in your package please read on and see particularly this comment below for the fairly simple fix.


While working on an update for RQuantLib with a few r-devel discovered minor changes, CRAN and I both came across a new nag, this time from -Wformat-security. Our glue code in src/attributes.cpp does

                     << "    if (rcpp_isError_gen) {" << std::endl
                     << "        SEXP rcpp_msgSEXP_gen = Rf_asChar(rcpp_result_gen);" << std::endl
                     << "        UNPROTECT(1);" << std::endl
                     << "        Rf_error(CHAR(rcpp_msgSEXP_gen));" << std::endl
                     << "    }" << std::endl

and the Rf_error(someCharvariablehere) now makes the compiler bark under -Wformat-security:

RcppExports.cpp:180:18: warning: format string is not a string literal (potentially insecure) [-Wformat-security]

The fix is pretty easy: add a "%s". I will take care of that shortly.
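Added example (not part of the original issue and not Rcpp's code): a stand-alone sketch of why the one-argument call is flagged and what the "%s" form changes. `format_error` is a hypothetical stand-in for a printf-style function such as Rf_error that returns the formatted text instead of raising an R error, and the sample message is constructed.

```cpp
#include <cstdarg>
#include <cstdio>
#include <string>

// Hypothetical stand-in for a printf-style error function such as Rf_error:
// it formats into a fixed buffer and returns the text. It carries no format
// attribute, so the compiler diagnostic itself does not fire on this file;
// the block shows the runtime difference the diagnostic is about.
static std::string format_error(const char *fmt, ...) {
    char buf[256];
    va_list ap;
    va_start(ap, fmt);
    std::vsnprintf(buf, sizeof buf, fmt, ap);  // always NUL-terminates
    va_end(ap);
    return std::string(buf);
}

// Pattern from the generated glue: the message is used as the format string,
// so any '%' directive inside the message gets interpreted.
static std::string report_as_format(const char *msg) {
    return format_error(msg);
}

// Fixed pattern: a constant "%s" format, with the message passed as data.
static std::string report_as_data(const char *msg) {
    return format_error("%s", msg);
}

// Constructed sample message. "%%" is its only directive, so both calls
// are well defined (no variadic argument is ever read).
static const char *kSampleMsg = "coverage fell to 50%% of target";

int main() {
    std::printf("as format: %s\n", report_as_format(kSampleMsg).c_str());
    std::printf("as data:   %s\n", report_as_data(kSampleMsg).c_str());
    return 0;
}
```

With the "%s" form the message text reaches the user byte for byte, whatever characters it contains.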
