Hello,
I am unable to build gutenprint-5.3.4-2022-06-24T01-00-8808d602 on Solaris using gcc 11.3.0.
Throughout the source, *printf() formatting functions are used with _() as the format argument. _() is used as a wrapper around the gettext function to obtain a localized version of a string.
One example for all:
src/main/print-dyesub.c:3513:7: error: format not a string literal and no format arguments [-Werror=format-security]
3513 | stp_eprintf(v, _("Must use glossy overcoat with panorama print sizes!\n"));
| ^~~~~~~~~~~
In function 'ps_parameters_internal',
In most cases the fix is to use something like this instead:
stp_eprintf(v, "%s", _("Must use glossy overcoat with panorama print sizes!\n"));
Configure summary:
================================================================
Release: gutenprint 5.3.4-2022-06-24T01-00-8808d602 generated on 24 Jun 2022
Generated at Wed Jul 27 17:20:44 CEST 2022 by mrehak
Features:
Build CUPS: yes, installing in /usr
Build CUPS 1.2 enhancements: yes
Build CUPS PPD files: no
Generate PS level 3 CUPS PPD files: yes
Build genppd statically: no
***WARNING: Use of --disable-static-genppd or --disable-static
when building CUPS is very dangerous. The build may
fail when building the PPD files, or may *SILENTLY*
build incorrect PPD files or cause other problems.
Please review the README and release notes carefully!
Build CUPS dyesub USB backend: yes
Build EPSON inkjet utility: yes
Build enhanced Print plugin for GIMP: no
Build test programs: yes
Build testpattern generator: yes
Installation summary:
Installation prefix: /usr
Exec prefix: /usr ({prefix})
Data directory: /usr/share/gutenprint
Library directory: /usr/lib/amd64/gutenprint (/usr/lib/amd64/gutenprint)
Executable directory: /usr/bin (/usr/bin)
XML data directory: /usr/share/gutenprint/5.3/xml
Module directory: /usr/lib/amd64/gutenprint/5.3/modules (/usr/lib/amd64/gutenprint/5.3/modules)
Install sample images: yes
General configuration:
Configure arguments: '--prefix=/usr' '--mandir=/usr/share/man' '--bindir=/usr/bin' '--sbindir=/usr/sbin' '--libdir=/usr/lib/amd64' '--infodir=/usr/share/info' '--enable-escputil' --without-gimp2 '--enable-cups-1_2-enhancements' '--enable-shared' '--disable-static-genppd' '--enable-simplified-cups-ppds' --without-readline '--disable-static'
Compiler: /usr/gcc/11/bin/gcc
Compiler Version: gcc version 11.3.0 (GCC)
Compiler options: -Disfinite=finite -m64 -fPIC -DPIC -O3 -ffile-prefix-map=/builds/mrehak/workspace/gutenprint/components/gutenprint=. -O3 -Wall -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wmissing-declarations -Wnested-externs -Wwrite-strings -Werror-implicit-function-declaration -Winline -Wformat=2 -finline-limit=131072 -Wformat -Werror=format-security -D_POSIX_C_SOURCE=200809L -std=c99
Build static libraries: no
Build shared libraries: yes
Maintainer mode: no
Use i18n: yes
Generate profiling information: no
Generate debugging symbols: no
Use modules: yes
Use readline libraries: no
uname -a output: SunOS ulx-0 5.11 11.4.48.126.0 i86pc i386 i86pc non-virtualized
================================================================
This is a potential security bug.
I am able to create an insane patch to work around all the occurrences, but I am not able to maintain it during future gutenprint updates. Thus I am asking for help fixing this.
Helpful information:
https://dwheeler.com/essays/write_it_secure_1.html
https://www.gnu.org/software/gettext/manual/html_node/c_002dformat-Flag.html
Thank you.
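Added example, not part of the original report and not gutenprint code: the "%s" form of the call applied to a translated string that happens to contain a conversion specifier, plus a check that counts conversions in a catalog entry. `sink_printf`, `count_conversions` and `emit_message` are hypothetical names, and `sink_printf` only stands in for a printf-style function such as stp_eprintf().

```c
#include <stdarg.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical stand-in for stp_eprintf(): printf-style sink into a buffer.
   The format attribute makes gcc check callers (-Wformat-security). */
static int sink_printf(char *out, size_t n, const char *fmt, ...)
    __attribute__((format(printf, 3, 4)));

static int sink_printf(char *out, size_t n, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int r = vsnprintf(out, n, fmt, ap);
    va_end(ap);
    return r;
}

/* Count printf conversions in s; "%%" is a literal percent, not a conversion.
   A translation of an argument-less message should yield 0. */
static int count_conversions(const char *s)
{
    int count = 0;
    for (; *s != '\0'; s++) {
        if (*s != '%')
            continue;
        if (s[1] == '%')
            s++;            /* escaped percent: skip both characters */
        else
            count++;
    }
    return count;
}

/* Safe form: the translated text is an argument, never the format. */
static int emit_message(char *out, size_t n, const char *translated)
{
    return sink_printf(out, n, "%s", translated);
}

int main(void)
{
    /* Constructed sample of what _() could return from a bad catalog entry. */
    const char *translated = "Glossy overcoat required (100%s)\n";
    char buf[128];
    emit_message(buf, sizeof buf, translated);
    printf("conversions=%d output=%s", count_conversions(translated), buf);
    return 0;
}
```

With the "%s" form the text is copied verbatim whatever it contains; a nonzero count from `count_conversions` flags a translation that would be interpreted as a format if passed directly.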