Unsafe use of fprintf() and printf() #553
Comments
This is a false positive since the compiler cannot see the format through
Right. @keryell we'd love to switch to C++20 and
Previously: #447
Just a soft bump to find out if this is in progress at all?
Why is the issue closed? The issue itself is still there. You can't compile it on Arch, which is a shame. Is there any workaround to make a package for Arch?
It looks to me like it was closed simply because #447 is an older report with more discussion. In Fedora Linux, we are patching in GCC pragmas to selectively disable
Environment
Describe the bug
The code does not compile with -Werror=format-security due to unsafe use of fprintf() and printf() in giada/src/utils/log.h
Lines 71 to 94 in 0feebd6
To Reproduce
Compile giada with -Werror=format-security
Full build log:
giada-0.20.0-build.log
Expected behavior
Giada can be compiled.
Screenshots
n/a
Additional context
Allowing runtime-generated chars as a format string is exploitable and bad practice.
https://stackoverflow.com/questions/4419293/warning-format-not-a-string-literal-and-no-format-arguments
This issue blocks a build of 0.20.0 on Arch Linux as -Werror=format-security is part of our default build environment CFLAGS.