Fix -Wformat-security warning in libgfortran

Message ID	20160115200730.GF3017@tucnak.redhat.com
State	New
Headers	show Return-Path: <gcc-patches-return-419213-incoming=patchwork.ozlabs.org@gcc.gnu.org> DomainKey-Signature: a=rsa-sha1; c=nofws; d=gcc.gnu.org; h=list-id :list-unsubscribe:list-archive:list-post:list-help:sender:date :from:to:subject:message-id:reply-to:mime-version:content-type :content-transfer-encoding; q=dns; s=default; b=I7qZiJnvBz21EYiF M4eMwXQtNwDjEAW5+tfXyzPSwnAi9Yl4SeqN0jr+NB3sKzton3sQoS91fExuVLl6 zhZvbV6KfCIgP040vzMB76kMzvHM7hjEFArDs53B1Csc3xmsSOthsXznm41dhIOM t7iCNHO+2GR9wWKixsm2Lnf3TwM= Mailing-List: contact gcc-patches-help@gcc.gnu.org; run by ezmlm Precedence: bulk Sender: gcc-patches-owner@gcc.gnu.org Date: Fri, 15 Jan 2016 21:07:30 +0100 From: Jakub Jelinek <jakub@redhat.com> To: fortran@gcc.gnu.org, gcc-patches@gcc.gnu.org Subject: [PATCH] Fix -Wformat-security warning in libgfortran Message-ID: <20160115200730.GF3017@tucnak.redhat.com> Reply-To: Jakub Jelinek <jakub@redhat.com> MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline Content-Transfer-Encoding: 8bit User-Agent: Mutt/1.5.24 (2015-08-30)

Message ID

20160115200730.GF3017@tucnak.redhat.com

State

New

Headers

DomainKey-Signature: a=rsa-sha1; c=nofws; d=gcc.gnu.org; h=list-id
	:list-unsubscribe:list-archive:list-post:list-help:sender:date
	:from:to:subject:message-id:reply-to:mime-version:content-type
	:content-transfer-encoding; q=dns; s=default; b=I7qZiJnvBz21EYiF
	M4eMwXQtNwDjEAW5+tfXyzPSwnAi9Yl4SeqN0jr+NB3sKzton3sQoS91fExuVLl6
	zhZvbV6KfCIgP040vzMB76kMzvHM7hjEFArDs53B1Csc3xmsSOthsXznm41dhIOM
	t7iCNHO+2GR9wWKixsm2Lnf3TwM=
Mailing-List: contact gcc-patches-help@gcc.gnu.org; run by ezmlm
Precedence: bulk
Sender: gcc-patches-owner@gcc.gnu.org
Date: Fri, 15 Jan 2016 21:07:30 +0100
From: Jakub Jelinek <jakub@redhat.com>
To: fortran@gcc.gnu.org, gcc-patches@gcc.gnu.org
Subject: [PATCH] Fix -Wformat-security warning in libgfortran
Message-ID: <20160115200730.GF3017@tucnak.redhat.com>
Reply-To: Jakub Jelinek <jakub@redhat.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
User-Agent: Mutt/1.5.24 (2015-08-30)

Commit Message

Jakub Jelinek Jan. 15, 2016, 8:07 p.m. UTC

Hi!

In our gcc package build, libgfortran is built with -Werror=format-security
and errors on this file.  While it is a false positive, because
cmdmsg_values[i] for any valid i don't contain % characters, IMNSHO it is
better to use "%s", msg anyway to make it clear that msg should not be
interpretted as format string.

Bootstrapped/regtested on x86_64-linux and i686-linux, ok for trunk?

2016-01-15  Jakub Jelinek  <jakub@redhat.com>

	* intrinsics/execute_command_line.c (set_cmdstat): Use "%s", msg
	instead of msg to avoid -Wformat-security warning.


	Jakub

Comments

Paul Richard Thomas Jan. 15, 2016, 8:16 p.m. UTC | #1

Hi Jakub,

Of course, that's OK; obvious even - good for trunk.

Thanks

Paul

On 15 January 2016 at 21:07, Jakub Jelinek <jakub@redhat.com> wrote:
> Hi!
>
> In our gcc package build, libgfortran is built with -Werror=format-security
> and errors on this file.  While it is a false positive, because
> cmdmsg_values[i] for any valid i don't contain % characters, IMNSHO it is
> better to use "%s", msg anyway to make it clear that msg should not be
> interpretted as format string.
>
> Bootstrapped/regtested on x86_64-linux and i686-linux, ok for trunk?
>
> 2016-01-15  Jakub Jelinek  <jakub@redhat.com>
>
>         * intrinsics/execute_command_line.c (set_cmdstat): Use "%s", msg
>         instead of msg to avoid -Wformat-security warning.
>
> --- libgfortran/intrinsics/execute_command_line.c.jj    2016-01-04 15:14:11.000000000 +0100
> +++ libgfortran/intrinsics/execute_command_line.c       2016-01-15 14:47:32.132158422 +0100
> @@ -1,6 +1,6 @@
>  /* Implementation of the EXECUTE_COMMAND_LINE intrinsic.
>     Copyright (C) 2009-2016 Free Software Foundation, Inc.
> -   Contributed by FranÃ§ois-Xavier Coudert.
> +   Contributed by François-Xavier Coudert.
>
>  This file is part of the GNU Fortran runtime library (libgfortran).
>
> @@ -55,7 +55,7 @@ set_cmdstat (int *cmdstat, int value)
>  #define MSGLEN 200
>        char msg[MSGLEN] = "EXECUTE_COMMAND_LINE: ";
>        strncat (msg, cmdmsg_values[value], MSGLEN - strlen(msg) - 1);
> -      runtime_error (msg);
> +      runtime_error ("%s", msg);
>      }
>  }
>
>
>         Jakub

--- libgfortran/intrinsics/execute_command_line.c.jj	2016-01-04 15:14:11.000000000 +0100
+++ libgfortran/intrinsics/execute_command_line.c	2016-01-15 14:47:32.132158422 +0100
@@ -1,6 +1,6 @@ 
 /* Implementation of the EXECUTE_COMMAND_LINE intrinsic.
    Copyright (C) 2009-2016 Free Software Foundation, Inc.
-   Contributed by FranÃ§ois-Xavier Coudert.
+   Contributed by François-Xavier Coudert.
 
 This file is part of the GNU Fortran runtime library (libgfortran).
 
@@ -55,7 +55,7 @@  set_cmdstat (int *cmdstat, int value)
 #define MSGLEN 200
       char msg[MSGLEN] = "EXECUTE_COMMAND_LINE: ";
       strncat (msg, cmdmsg_values[value], MSGLEN - strlen(msg) - 1);
-      runtime_error (msg);
+      runtime_error ("%s", msg);
     }
 }

Fix -Wformat-security warning in libgfortran

Commit Message

Comments

Patch