unable to build with -Werror=format-security
Closed this issue · 3 comments
anthraxx commented
The build errors out with -Werror=format-security which means I can't release the distro package upgrade:
In file included from ../src/anal_ghidra.cpp:4:
/usr/include/libr/r_anal.h:66:48: error: format not a string literal and no format arguments [-Werror=format-sec
urity]
66 | #define esilprintf(op, fmt, ...) r_strbuf_setf (&op->esil, fmt, ##__VA_ARGS__)
| ~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
../src/anal_ghidra.cpp:1350:9: note: in expansion of macro ‘esilprintf’
1350 | esilprintf (anal_op, ss.str()[0] == ','? ss.str().c_str() + 1: ss.str().c_str());
| ^~~~~~~~~~
../src/anal_ghidra.cpp: In function ‘int sleigh_op(RAnal*, RAnalOp*, uint64_t, const uint8_t*, int, RAnalOpMask)
’:
../src/anal_ghidra.cpp:1408:46: warning: zero-length gnu_printf format string [-Wformat-zero-length]
1408 | esilprintf (anal_op, "");
| ^~
/usr/include/libr/r_anal.h:66:60: note: in definition of macro ‘esilprintf’
66 | #define esilprintf(op, fmt, ...) r_strbuf_setf (&op->esil, fmt, ##__VA_ARGS__)
| ^~~
trufae commented
i cant get those warnings to happen on clang. i dont have gcc handy right now. but according to the interwebs is not a vuln, just a taste from gnu developers that dislike such short "format strings", i just pushed a blind fix, can you confirm it works? 7fa1a83
trufae commented
anthraxx commented
That looks good, thanks. I didn't say it needs to be a vuln, just that I can't build with distro compliant flags 🐱
It gets me compile further, but it seems to have an API incompatibility to radare 5.7.6 😿
../src/R2LoadImage.cpp: In lambda function:
../src/R2LoadImage.cpp:67:64: error: ‘RAsm’ {aka ‘struct r_asm_t’} has no member named ‘config’
67 | int inc = (core->rasm->config->bits == 64)? 8: 4;
| ^~~~~~
EDIT:
To not hijack this issue, I've opened #91 instead