Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Linux] build error #1458

Closed
werdahias opened this issue Jan 26, 2022 · 4 comments · Fixed by #1461
Closed

[Linux] build error #1458

werdahias opened this issue Jan 26, 2022 · 4 comments · Fixed by #1461
Labels
bug Behaving differently as it should behave lang: c++ Done in C++ code

Comments

@werdahias
Copy link
Contributor

cloned the repo and configured it. when running make I get the following error:

[ 23%] Building CXX object libopenage/CMakeFiles/libopenage.dir/event/demo/main.cpp.o
/home/user/openage/libopenage/event/demo/gui.cpp: In member function ‘void openage::event::demo::Gui::init()’:
/home/user/openage/libopenage/event/demo/gui.cpp:136:25: error: format not a string literal and no format arguments [-Werror=format-security]
  136 |                 mvprintw(row++, col, c);
      |                 ~~~~~~~~^~~~~~~~~~~~~~~
/home/user/openage/libopenage/event/demo/gui.cpp: In member function ‘void openage::event::demo::Gui::draw(const std::shared_ptr<openage::event::demo::PongState>&, const time_t&)’:
/home/user/openage/libopenage/event/demo/gui.cpp:209:25: error: format not a string literal and no format arguments [-Werror=format-security]
  209 |                 mvprintw((6 + msg_i), state->display_boundary[0]/2 + 10, msg.c_str());
      |                 ~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
[ 23%] Building CXX object libopenage/CMakeFiles/libopenage.dir/event/demo/physics.cpp.o

Then the build fails. OS is debian testing and gcc 11
@TheJJ TheJJ added bug Behaving differently as it should behave lang: c++ Done in C++ code labels Jan 26, 2022
@TheJJ
Copy link
Member

TheJJ commented Jan 26, 2022

I mean it's true that we don't pass a format string to mvprintw, which could be a problem if the user could enter arbitrary msgs.
Since I don't see a function like mvput, we probably have to introduce a artificial format string to make the compiler happy and prevent format-string-interpretation of generated input:

  • mvprintw(a, b, c) -> mvprintw(a, b, "%c", c)
  • mvprintw(a, b, s) -> mvprintw(a, b, "%s", s)...

@werdahias
Copy link
Contributor Author

werdahias commented Feb 9, 2022
edited by TheJJ

I fixed it by appending two lines in gui.cpp

diff --git a/libopenage/event/demo/gui.cpp b/libopenage/event/demo/gui.cpp
index f6fa6e2e..0724f63a 100644
--- a/libopenage/event/demo/gui.cpp
+++ b/libopenage/event/demo/gui.cpp
@@ -133,7 +133,7 @@ void Gui::init() {
 	int row = (y - buffer.size()) / 2;;
 	int col = (x - colwidth) / 2;
 	for (const auto &c : buffer) {
-		mvprintw(row++, col, c);
+		mvprintw(row++, col, "%c", c);
 	}
 
 	attroff(COLOR_PAIR(COLOR_DEBUG));
@@ -206,7 +206,7 @@ void Gui::draw(const std::shared_ptr<PongState> &state, const curve::time_t &now
 	// show log
 	int msg_i = 0;
 	for (auto & msg : this->log_msgs) {
-		mvprintw((6 + msg_i), state->display_boundary[0]/2 + 10, msg.c_str());
+		mvprintw((6 + msg_i), state->display_boundary[0]/2 + 10, "%msg.c_str()", msg.c_str() );
 		msg_i += 1;
 	}
 :

Then it compiles succesfully

@TheJJ
Copy link
Member

TheJJ commented Feb 9, 2022

great :)
the second hunk's string should be "%s" though.
can you submit a pull request to bring this fix upstream?

@werdahias werdahias mentioned this issue Feb 9, 2022
Merged
@FabioLolix
Copy link

FabioLolix commented Feb 13, 2022
edited

Hello, I have the same error on Arch Linux, GCC 11.1.0 and Clang 13.0.1

[ 25%] Building CXX object libopenage/CMakeFiles/libopenage.dir/gamedata/tech_dummy.cpp.o
/home/fabio/Dev/Github/PKGBUILD/openage-git/src/openage/libopenage/event/demo/gui.cpp:136:24: error: format string is not a string literal (potentially insecure) [-Werror,-Wformat-security]
                mvprintw(row++, col, c);
                                     ^
/home/fabio/Dev/Github/PKGBUILD/openage-git/src/openage/libopenage/event/demo/gui.cpp:136:24: note: treat the string as an argument to avoid this
                mvprintw(row++, col, c);
                                     ^
                                     "%s", 
/home/fabio/Dev/Github/PKGBUILD/openage-git/src/openage/libopenage/event/demo/gui.cpp:209:60: error: format string is not a string literal (potentially insecure) [-Werror,-Wformat-security]
                mvprintw((6 + msg_i), state->display_boundary[0]/2 + 10, msg.c_str());
                                                                         ^~~~~~~~~~~
/home/fabio/Dev/Github/PKGBUILD/openage-git/src/openage/libopenage/event/demo/gui.cpp:209:60: note: treat the string as an argument to avoid this
                mvprintw((6 + msg_i), state->display_boundary[0]/2 + 10, msg.c_str());
                                                                         ^
                                                                         "%s", 
[ 25%] Building CXX object libopenage/CMakeFiles/libopenage.dir/gamedata/terrain_dummy.cpp.o

Tried your patches, they're working

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Behaving differently as it should behave lang: c++ Done in C++ code
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

build error fixed werdahias/openage
3 participants
@TheJJ @FabioLolix @werdahias