Standards Based Linux Instrumentation / Bugs / #2722 sblim-gather fails to compile when "-Werror=format-security" flag is used

#2722 sblim-gather fails to compile when "-Werror=format-security" flag is used

Milestone: Code_Cleanup

Status: closed-fixed

Owner: nobody

Labels: None

Component: gather

Priority: 5

Updated: 2014-10-10

Created: 2014-02-04

Creator: Vitezslav Crhonek

Private: No

Hello,

sblim-gather fails to compile with GCC when "-Werror=format-security" flag is used. It's because of usage of fprintf/sprintf/printf functions where the format string is not a string literal and there are no format arguments. This may be a security hole if the format string came from untrusted input and contains %n.

Attached patch fixes this issue.

1 Attachments

sblim-gather-2.2.8-format-security.patch

Discussion

Dave Heller - 2014-02-09

Looks good, thanks. I also updated the makefile so that the flag is included in the default CFLAGS, to prevent future problems.

Commit [544dde]

Related

Commit: [544dde]

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Dave Heller - 2014-02-09

status: open --> pending-fixed
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Dave Heller - 2014-10-10

status: pending-fixed --> closed-fixed
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

sblim-gather fails to compile when "-Werror=format-security" flag is used

Group

Searches

Help

#2722 sblim-gather fails to compile when "-Werror=format-security" flag is used

Discussion

Related