Message ID | 20160115200730.GF3017@tucnak.redhat.com |
---|---|
State | New |
Headers | show |
Hi Jakub, Of course, that's OK; obvious even - good for trunk. Thanks Paul On 15 January 2016 at 21:07, Jakub Jelinek <jakub@redhat.com> wrote: > Hi! > > In our gcc package build, libgfortran is built with -Werror=format-security > and errors on this file. While it is a false positive, because > cmdmsg_values[i] for any valid i don't contain % characters, IMNSHO it is > better to use "%s", msg anyway to make it clear that msg should not be > interpretted as format string. > > Bootstrapped/regtested on x86_64-linux and i686-linux, ok for trunk? > > 2016-01-15 Jakub Jelinek <jakub@redhat.com> > > * intrinsics/execute_command_line.c (set_cmdstat): Use "%s", msg > instead of msg to avoid -Wformat-security warning. > > --- libgfortran/intrinsics/execute_command_line.c.jj 2016-01-04 15:14:11.000000000 +0100 > +++ libgfortran/intrinsics/execute_command_line.c 2016-01-15 14:47:32.132158422 +0100 > @@ -1,6 +1,6 @@ > /* Implementation of the EXECUTE_COMMAND_LINE intrinsic. > Copyright (C) 2009-2016 Free Software Foundation, Inc. > - Contributed by François-Xavier Coudert. > + Contributed by François-Xavier Coudert. > > This file is part of the GNU Fortran runtime library (libgfortran). > > @@ -55,7 +55,7 @@ set_cmdstat (int *cmdstat, int value) > #define MSGLEN 200 > char msg[MSGLEN] = "EXECUTE_COMMAND_LINE: "; > strncat (msg, cmdmsg_values[value], MSGLEN - strlen(msg) - 1); > - runtime_error (msg); > + runtime_error ("%s", msg); > } > } > > > Jakub
--- libgfortran/intrinsics/execute_command_line.c.jj 2016-01-04 15:14:11.000000000 +0100 +++ libgfortran/intrinsics/execute_command_line.c 2016-01-15 14:47:32.132158422 +0100 @@ -1,6 +1,6 @@ /* Implementation of the EXECUTE_COMMAND_LINE intrinsic. Copyright (C) 2009-2016 Free Software Foundation, Inc. - Contributed by François-Xavier Coudert. + Contributed by François-Xavier Coudert. This file is part of the GNU Fortran runtime library (libgfortran). @@ -55,7 +55,7 @@ set_cmdstat (int *cmdstat, int value) #define MSGLEN 200 char msg[MSGLEN] = "EXECUTE_COMMAND_LINE: "; strncat (msg, cmdmsg_values[value], MSGLEN - strlen(msg) - 1); - runtime_error (msg); + runtime_error ("%s", msg); } }