Fails to compile with '-Werror=format-security'

[Lance]

Hi,

I have Arch Linux and I'm trying to compile this program though a helper package at the Arch Linux User Repository (AUR) that someone posted. https://aur.archlinux.org/packages/efax-gtk/

The issue is recently Arch Linux maintainers made the flag '-Werror=format-security' default for makepkg config the utility that helps setup and compile packages from the AUR. Which leads to this following error message.

efaxlib.c: In function ‘nextopage’:
efaxlib.c:1946:7: error: format not a string literal and no format arguments [-Werror=format-security]
 1946 |       fprintf ( f->f, PCLEND ) ;
      |       ^~~~~~~
efaxlib.c: In function ‘tiff_first’:
efaxlib.c:985:3: warning: ignoring return value of ‘fread’ declared with attribute ‘warn_unused_result’ [-Wunused-result]
  985 |   fread ( (uchar*) &magic, 1, 2, f->f ) ;
      |   ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  CC       efaxmsg.o
  CC       efix.o
cc1: some warnings being treated as errors
make[2]: *** [Makefile:453: efaxlib.o] Error 1
make[2]: Leaving directory '/home/ransu/.cache/pikaur/build/efax-gtk/src/efax-gtk-3.2.15/efax'
make[1]: *** [Makefile:553: all-recursive] Error 1
make[1]: Leaving directory '/home/ransu/.cache/pikaur/build/efax-gtk/src/efax-gtk-3.2.15'
make: *** [Makefile:386: all] Error 2
==> ERROR: A failure occurred in build().
    Aborting...

I'm hoping someone knows how this can be fixed. I'm guessing the '-Werror=format-security' flag is there to help clean up some code for secure purposes.

[Chris Vine]

The -Wformat-security flag causes a compiler warning to be emitted when (amongst other functions) fprintf is passed a non-literal string with no format arguments. This is a security concern where the string may be sourced externally from user input: in particular where it can be made to contain an unexpected %n specifier.

From what you say, Arch's build system is making this stronger by causing this warning to be treated as an error.

In this case the warning/error is bogus. fprintf is passed a pointer PCLEN which points to an actual string literal (see line 1460 of efaxlib.c). If the use of -Werror=format-security is a "default" as you say and not mandatory then there is presumably some way of turning it off. Given the warning is bogus, that seems the best way of dealing with the matter. (It could be dealt with by amending efaxlib.c so that line 1946 fprintf ( f->f, PCLEND );reads fprintf ( f->f, "%s", PCLEND ) ;) But I am surprised there is no equivalent warning about PSPAGEEND in line 1949.

Possibly making PCLEN and PSPAGEEND of const char* const type instead of char* type will also suppress the error. Note though that in C (as opposed to C++), string literals have the char* type.

[Lance]

I'm not well versed in programing as I probably should be. So I don't quite get everything. But should this change be made upstream? I know I can toggle that compiling flag off in /etc/makepkg.conf but I know at least one other person has reported a similar error on that AUR page I linked to.

[Chris Vine]

I don't particularly want to make a change to efax-gtk because as I mentioned the warning/error in this case is bogus. I know very little about Arch Linux but I suggest you turn the flag off by whatever mechanism Arch provides.