By default on Debian some stricter gcc options are used:
gcc -DPACKAGE_NAME=\"refdb\" -DPACKAGE_TARNAME=\"refdb\" -DPACKAGE_VERSION=\"1.0.0-pre2\" -DPACKAGE_STRING=\"refdb\ 1.0.0-pre2\" -DPACKAGE_BUGREPORT=\"\" -DPACKAGE_URL=\"\" -DPACKAGE=\"refdb\" -DVERSION=\"1.0.0-pre2\" -D_GNU_SOURCE=1 -DREADLINE42=1 -DHAVE_ICONV=1 -DSTDC_HEADERS=1 -DHAVE_SYS_TYPES_H=1 -DHAVE_SYS_STAT_H=1 -DHAVE_STDLIB_H=1 -DHAVE_STRING_H=1 -DHAVE_MEMORY_H=1 -DHAVE_STRINGS_H=1 -DHAVE_INTTYPES_H=1 -DHAVE_STDINT_H=1 -DHAVE_UNISTD_H=1 -DHAVE_SOCKLEN_T=1 -DSTDC_HEADERS=1 -DHAVE_FCNTL_H=1 -DHAVE_LIMITS_H=1 -DHAVE_SYS_FILE_H=1 -DHAVE_SYS_TIME_H=1 -DHAVE_SYS_IOCTL_H=1 -DHAVE_SYSLOG_H=1 -DHAVE_UNISTD_H=1 -DTIME_WITH_SYS_TIME=1 -DRETSIGTYPE=void -DHAVE_STRFTIME=1 -DHAVE_MKFIFO=1 -DHAVE_GETHOSTNAME=1 -DHAVE_SELECT=1 -DHAVE_SOCKET=1 -DHAVE_STRCSPN=1 -DHAVE_STRSTR=1 -DHAVE_STRTOLL=1 -DHAVE_ATOLL=1 -I. -DSYSCONFDIR=\"/etc/refdb\" -DULLSPEC=\"%llu\" -D_FORTIFY_SOURCE=2 -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -Werror=format-security -O2 -c refdbib.c
refdbib.c: In function ‘make_cookedbib’:
refdbib.c:795: error: format not a string literal and no format arguments
refdbib.c:822: error: format not a string literal and no format arguments
refdbib.c: In function ‘make_rawbib’:
refdbib.c:994: error: format not a string literal and no format arguments
refdbib.c:1029: error: format not a string literal and no format arguments
refdbib.c:1048: error: format not a string literal and no format arguments
refdbib.c:1082: error: format not a string literal and no format arguments
refdbib.c:1122: error: format not a string literal and no format arguments
refdbib.c:1130: error: format not a string literal and no format arguments
refdbib.c:1141: warning: format ‘%d’ expects type ‘int’, but argument 3 has type ‘size_t’
refdbib.c:1155: error: format not a string literal and no format arguments
refdbib.c: In function ‘make_texbib’:
refdbib.c:1249: warning: format ‘%d’ expects type ‘int’, but argument 3 has type ‘size_t’
refdbib.c:1262: error: format not a string literal and no format arguments
refdbib.c:1273: error: format not a string literal and no format arguments
refdbib.c:1286: error: format not a string literal and no format arguments
refdbib.c:1317: error: format not a string literal and no format arguments
refdbib.c:1339: error: format not a string literal and no format arguments
refdbib.c:1396: error: format not a string literal and no format arguments
refdbib.c:1410: error: format not a string literal and no format arguments
refdbib.c:1427: warning: format ‘%d’ expects type ‘int’, but argument 3 has type ‘size_t’
refdbib.c:1433: error: format not a string literal and no format arguments
refdbib.c: In function ‘log_print’:
refdbib.c:1468: error: format not a string literal and no format arguments
One cannot do:
fprintf(stderr, get_status_msg(cs_status));
but instead
fprintf(stderr, "%s", get_status_msg(cs_status));
proposed patch
Could you please specify which options you add to gcc? The error messages apparently reflect the status of the last release. The line numbers differ from the current svn version. In order to fix these problems I'd like to reproduce this locally with the svn sources.
I am sure you noticed the patch is done against svn trunk. The patch actually applies on 0.9.9 (with fuzzing) and svn trunk.
Anyway here are the default flags on Debian:
$ dpkg-buildflags --get CFLAGS
-g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -Werror=format-security
$ dpkg-buildflags --get CXXFLAGS
-g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -Werror=format-security
and
$ dpkg-buildflags --get CPPFLAGS
-D_FORTIFY_SOURCE=2
One more thing:
$ dpkg-buildflags --get LDFLAGS
-Wl,-z,relro
I hadn't even noticed that there was a patch - thanks a million for that. I've applied the patch successfully, see svn revision 757.
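Added example, not part of the thread or of refdb's code: it shows what -Werror=format-security guards against in the fprintf(stderr, get_status_msg(cs_status)) pattern, next to the "%s" form from the patch. It goes one step beyond the patch by also showing %zu for the size_t warnings in the build log. The get_status_msg() body, the message text and the helper names format_unsafe, format_safe and format_count are assumptions made up for the illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for refdb's get_status_msg(). The message is
 * constructed for this example and carries text that came from outside the
 * program (a file name), including '%' characters. */
static const char *get_status_msg(int status)
{
    return status == 1 ? "cannot open 'q3%%growth.txt'" : "ok";
}

/* Pattern rejected by -Werror=format-security: the message itself is the
 * format string, so printf parses every '%' in it. Here that only rewrites
 * "%%"; a conversion such as %s would fetch arguments that were never passed,
 * which is undefined behaviour. The pragma silences the diagnostic so this
 * deliberately wrong form still compiles. */
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wformat-security"
static int format_unsafe(char *out, size_t n, int status)
{
    return snprintf(out, n, get_status_msg(status));
}
#pragma GCC diagnostic pop

/* Pattern from the patch: constant format, message passed as an argument. */
static int format_safe(char *out, size_t n, int status)
{
    return snprintf(out, n, "%s", get_status_msg(status));
}

/* The size_t warnings in the same log: %zu is the C99 conversion for size_t. */
static int format_count(char *out, size_t n, size_t count)
{
    return snprintf(out, n, "%zu references", count);
}

int main(void)
{
    char buf[64];
    format_unsafe(buf, sizeof buf, 1);
    printf("message as format: %s\n", buf);
    format_safe(buf, sizeof buf, 1);
    printf("message as data:   %s\n", buf);
    format_count(buf, sizeof buf, (size_t)42);
    printf("size_t with %%zu:   %s\n", buf);
    return 0;
}
```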