260409 – graphics/opendx: Fails to build with -Werror=format-security: error: format string is not a string literal (potentially insecure) [-Werror,-Wformat-security]

Bug 260409 - graphics/opendx: Fails to build with -Werror=format-security: error: format string is not a string literal (potentially insecure) [-Werror,-Wformat-security]

Summary: graphics/opendx: Fails to build with -Werror=format-security: error: format s...

Status:	Closed Not A Bug

Alias:	None

Product:	Ports & Packages
Classification:	Unclassified
Component:	Individual Port(s) (show other bugs)
Version:	Latest
Hardware:	amd64 Any

Importance:	--- Affects Only Me
Assignee:	Stephen Montgomery-Smith

URL:
Keywords:

Depends on:
Blocks:

Reported:	2021-12-14 07:21 UTC by Alain De Vos
Modified:	2024-05-13 02:12 UTC (History)
CC List:	0 users

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Alain De Vos 2021-12-14 07:21:08 UTC

make.conf:
MYFLAGS=" -D_FORTIFY_SOURCE=2 -D_GLIBCXX_ASSERTIONS -fident -mno-unaligned-access -Wformat -Wformat-security -Werror=format-security -fPIC -fPIE -fcf-protection -fexceptions -fno-short-enums -fomit-frame-pointer -fstrict-aliasing -fstack-protector-all -fstack-protector -fstack-protector-strong -fstack-clash-protection -O2 -pipe "
CFLAGS+="${MYFLAGS}"
CXXFLAGS+="${MYFLAGS}"

Compilation fails with log,
[00:06:42]  cc -DHAVE_CONFIG_H -I. -I. -I../../../include -I../../../include -I./../dpexec -I/wrkdirs/usr/ports/graphics/opendx/work/dx-4.4.4/include -Dfreebsd -O2 -pipe -D_FORTIFY_SOURCE=2 -D_GLIBCXX_ASSERTIONS -fident -mno-unaligned-access -Wformat -Wformat-security -Werror=format-security -fPIC -fPIE -fcf-protection -fexceptions -fno-short-enums -fomit-frame-pointer -fstrict-aliasing -fstack-protector-all -fstack-protector -fstack-protector-strong -fstack-clash-protection -O2 -pipe -march=ivybridge -fstack-protector-strong -fno-strict-aliasing -D_FORTIFY_SOURCE=2 -D_GLIBCXX_ASSERTIONS -fident -mno-unaligned-access -Wformat -Wformat-security -Werror=format-security -fPIC -fPIE -fcf-protection -fexceptions -fno-short-enums -fomit-frame-pointer -fstrict-aliasing -fstack-protector-all -fstack-protector -fstack-protector-strong -fstack-clash-protection -O2 -pipe -I/usr/local/include -I/usr/local/include -O2 -pipe -D_FORTIFY_SOURCE=2 -D_GLIBCXX_ASSERTIONS -fident -mno-unaligned-access -Wformat -Wformat-security -Werror=format-security -fPIC -fPIE -fcf-protection -fexceptions -fno-short-enums -fomit-frame-pointer -fstrict-aliasing -fstack-protector-all -fstack-protector -fstack-protector-strong -fstack-clash-protection -O2 -pipe -march=ivybridge -fstack-protector-strong -fno-strict-aliasing -I/usr/local/include -D_GNU_SOURCE -c colormap.c  -fPIC -DPIC -o .libs/colormap.o
[00:06:42] cc: warning: argument unused during compilation: '-mno-unaligned-access' [-Wunused-command-line-argument]
[00:06:42] cc: warning: argument unused during compilation: '-mno-unaligned-access' [-Wunused-command-line-argument]
[00:06:42] cc: warning: argument unused during compilation: '-mno-unaligned-access' [-Wunused-command-line-argument]
[00:06:42] colormap.c:1170:21: error: format string is not a string literal (potentially insecure) [-Werror,-Wformat-security]
[00:06:42]       sprintf(ei.mp,name);  while(*ei.mp) ei.mp++;
[00:06:42]                     ^~~~
[00:06:42] colormap.c:1170:21: note: treat the string as an argument to avoid this
[00:06:42]       sprintf(ei.mp,name);  while(*ei.mp) ei.mp++;
[00:06:42]                     ^
[00:06:42]                     "%s", 
[00:06:42] colormap.c:1189:18: error: format string is not a string literal (potentially insecure) [-Werror,-Wformat-security]
[00:06:42]    sprintf(ei.mp,name); while(*ei.mp) ei.mp++;
[00:06:42]                  ^~~~
[00:06:42] colormap.c:1189:18: note: treat the string as an argument to avoid this
[00:06:42]    sprintf(ei.mp,name); while(*ei.mp) ei.mp++;
[00:06:42]                  ^
[00:06:42]                  "%s", 
[00:06:42] 2 errors generated.
[00:06:42] gmake[5]: *** [Makefile:459: colormap.lo] Error 1
[00:06:42] gmake[5]: Leaving directory '/wrkdirs/usr/ports/graphics/opendx/work/dx-4.4.4/src/exec/dxmods'
[00:06:42] gmake[4]: *** [Makefile:393: all] Error 2
[00:06:42] gmake[4]: Leaving directory '/wrkdirs/usr/ports/graphics/opendx/work/dx-4.4.4/src/exec/dxmods'
[00:06:42] gmake[3]: *** [Makefile:386: all-recursive] Error 1
[00:06:42] gmake[3]: Leaving directory '/wrkdirs/usr/ports/graphics/opendx/work/dx-4.4.4/src/exec'
[00:06:42] gmake[2]: *** [Makefile:256: all-recursive] Error 1
[00:06:42] gmake[2]: Leaving directory '/wrkdirs/usr/ports/graphics/opendx/work/dx-4.4.4/src'
[00:06:42] gmake[1]: *** [Makefile:277: all-recursive] Error 1
[00:06:42] gmake[1]: Leaving directory '/wrkdirs/usr/ports/graphics/opendx/work/dx-4.4.4'
[00:06:42] *** Error code 1
[00:06:42] 
[00:06:42] Stop.
[00:06:42] make: stopped in /usr/ports/graphics/opendx

Comment 1 Stephen Montgomery-Smith freebsd_committer

2021-12-14 15:14:18 UTC

Probably best to send this upstream.

If you send me a patch, I could consider it.

Comment 2 Kubilay Kocak freebsd_committer

2021-12-15 00:59:12 UTC

@Reporter Thanks for your report.

-Werror=format-security is the cause of the failure, turning that warning into an error. Either remove that argument from your flags, or report it upstream, such that the warning can be resolved (and not fail with -Werror=format-security)

Comment 3 Timothy McIntyre 2024-05-13 01:27:52 UTC

MARKED AS SPAM