From 3cdc76b7ec0e058a6c216521c6e9dc6914c79a23 Mon Sep 17 00:00:00 2001 From: Graham Inggs Date: Tue, 25 Dec 2012 19:56:00 +0000 Subject: [PATCH 02/03] Fix unsafe uses of fprintf and sprintf Prevent 'format not a string literal and no format arguments' errors. When compiling motif with the gcc -Werror=format-security option, the current default for Debian, compilation fails with the following error: error: format not a string literal and no format arguments [-Werror=format-security] Upstream-Status: Submitted [http://bugs.motifzone.net/show_bug.cgi?id=1574] --- lib/Mrm/Mrmhier.c | 4 - lib/Mrm/Mrmicon.c | 4 - lib/Mrm/Mrmlread.c | 2 lib/Mrm/Mrmwcrw.c | 4 - tools/wml/wmlouth.c | 118 +++++++++++++++++++++++++------------------------- tools/wml/wmloutkey.c | 10 ++-- tools/wml/wmloutmm.c | 8 +-- 7 files changed, 75 insertions(+), 75 deletions(-) --- a/lib/Mrm/Mrmhier.c +++ b/lib/Mrm/Mrmhier.c @@ -264,10 +264,10 @@ case MrmSUCCESS: break; case MrmNOT_VALID: - sprintf (err_stg, _MrmMMsg_0113); + sprintf (err_stg, "%s", _MrmMMsg_0113); break; default: - sprintf (err_stg, _MrmMMsg_0114); + sprintf (err_stg, "%s", _MrmMMsg_0114); break; } } --- a/lib/Mrm/Mrmicon.c +++ b/lib/Mrm/Mrmicon.c @@ -1176,7 +1176,7 @@ } break; default: - sprintf(err_msg, _MrmMMsg_0040); + sprintf(err_msg, "%s", _MrmMMsg_0040); return Urm__UT_Error ("Urm__RelizeColorTable", err_msg, NULL, NULL, MrmFAILURE) ; } @@ -1252,7 +1252,7 @@ break; default: result = MrmFAILURE; - sprintf (err_msg, _MrmMMsg_0040); + sprintf (err_msg, "%s", _MrmMMsg_0040); Urm__UT_Error ("Urm__RelizeColorTable", err_msg, NULL, NULL, MrmFAILURE) ; } --- a/lib/Mrm/Mrmlread.c +++ b/lib/Mrm/Mrmlread.c @@ -698,7 +698,7 @@ XBlackPixelOfScreen(XDefaultScreenOfDisplay(display))); break; default: - sprintf(err_msg, _MrmMMsg_0040); + sprintf(err_msg, "%s", _MrmMMsg_0040); result = Urm__UT_Error ("MrmFetchColorLiteral", err_msg, NULL, NULL, MrmFAILURE) ; _MrmAppUnlock(app); --- a/lib/Mrm/Mrmwcrw.c +++ b/lib/Mrm/Mrmwcrw.c @@ -1390,7 +1390,7 @@ } break; default: - sprintf (err_msg, _MrmMMsg_0040); + sprintf (err_msg, "%s", _MrmMMsg_0040); result = Urm__UT_Error ("Urm__CW_ConvertValue", err_msg, NULL, NULL, MrmFAILURE) ; }; @@ -2426,7 +2426,7 @@ } break; default: - sprintf(err_msg, _MrmMMsg_0040); + sprintf(err_msg, "%s", _MrmMMsg_0040); return Urm__UT_Error ("Urm__CW_ConvertValue", err_msg, NULL, NULL, MrmFAILURE) ; }; --- a/tools/wml/wmloutkey.c +++ b/tools/wml/wmloutkey.c @@ -574,16 +574,16 @@ printf ("\nCouldn't open UilKeyTab.h"); return; } -fprintf (outfil, canned_warn); +fprintf (outfil, "%s", canned_warn); /* * Print the case sensitive and insensitive tables */ -fprintf (outfil, canned1); +fprintf (outfil, "%s", canned1); wmlOutputUilKeyTabBody (outfil, wml_tok_sens_ptr, &maxlen, &maxkey); fprintf (outfil, canned2, maxlen, maxkey); wmlOutputUilKeyTabBody (outfil, wml_tok_insens_ptr, &maxlen, &maxkey); -fprintf (outfil, canned3); +fprintf (outfil, "%s", canned3); /* * close the output file @@ -812,8 +812,8 @@ printf ("\nCouldn't open UilTokName.h"); return; } -fprintf (outfil, canned_warn); -fprintf (outfil, canned1); +fprintf (outfil, "%s", canned_warn); +fprintf (outfil, "%s", canned1); /* * Print the token name entries --- a/tools/wml/wmlouth.c +++ b/tools/wml/wmlouth.c @@ -225,12 +225,12 @@ printf ("\nCouldn't open UilSymGen.h"); return; } -fprintf (outfil, canned_warn); +fprintf (outfil, "%s", canned_warn); /* * Write the sym_k..._object literals */ -fprintf (outfil, canned1); +fprintf (outfil, "%s", canned1); for ( ndx=0 ; ndxcnt ; ndx++ ) { clsobj = (WmlClassDefPtr) wml_obj_class_ptr->hvec[ndx].objptr; @@ -244,7 +244,7 @@ /* * Define the sym_k_..._reason literals */ -fprintf (outfil, canned3); +fprintf (outfil, "%s", canned3); for ( ndx=0 ; ndxcnt ; ndx++ ) { resobj = (WmlResourceDefPtr) wml_obj_reason_ptr->hvec[ndx].objptr; @@ -258,7 +258,7 @@ /* * Define the sym_k_..._arg literals */ -fprintf (outfil, canned4); +fprintf (outfil, "%s", canned4); for ( ndx=0 ; ndxcnt ; ndx++ ) { resobj = (WmlResourceDefPtr) wml_obj_arg_ptr->hvec[ndx].objptr; @@ -272,7 +272,7 @@ /* * Define the sym_k_..._enumset structs and literals */ -fprintf (outfil, canned5); +fprintf (outfil, "%s", canned5); for ( ndx=0 ; ndxcnt ; ndx++ ) { enumsetobj = (WmlEnumSetDefPtr) wml_obj_enumset_ptr->hvec[ndx].objptr; @@ -286,7 +286,7 @@ /* * Define the sym_k_..._enumval literals */ -fprintf (outfil, canned6); +fprintf (outfil, "%s", canned6); for ( ndx=0 ; ndxcnt ; ndx++ ) { enumvalobj = (WmlEnumValueDefPtr) wml_obj_enumval_ptr->hvec[ndx].objptr; @@ -301,7 +301,7 @@ * Define the sym_k_..._charsize literals * Define the sym_k_..._charset literals */ -fprintf (outfil, canned7); +fprintf (outfil, "%s", canned7); for ( ndx=0 ; ndxcnt ; ndx++ ) { charsetobj = (WmlCharSetDefPtr) wml_obj_charset_ptr->hvec[ndx].objptr; @@ -315,7 +315,7 @@ /* * Define the sym_k_..._child literals */ -fprintf (outfil, canned8); +fprintf (outfil, "%s", canned8); for ( ndx=0 ; ndxcnt ; ndx++ ) { childobj = (WmlChildDefPtr) wml_obj_child_ptr->hvec[ndx].objptr; @@ -379,12 +379,12 @@ printf ("\nCouldn't open UilSymChCL.h"); return; } -fprintf (outfil, canned_warn); +fprintf (outfil, "%s", canned_warn); /* * Create table entries, similar to writing sym_k... */ -fprintf (outfil, canned1); +fprintf (outfil, "%s", canned1); for ( ndx=0 ; ndxcnt ; ndx++ ) { childobj = (WmlChildDefPtr) wml_obj_child_ptr->hvec[ndx].objptr; @@ -392,7 +392,7 @@ fprintf (outfil, " sym_k_%s_object,\n", classobj->tkname); } -fprintf (outfil, canned1a); +fprintf (outfil, "%s", canned1a); /* * close the output file @@ -446,12 +446,12 @@ printf ("\nCouldn't open UilSymArTy.h"); return; } -fprintf (outfil, canned_warn); +fprintf (outfil, "%s", canned_warn); /* * Create table entries, similar to writing sym_k... */ -fprintf (outfil, canned1); +fprintf (outfil, "%s", canned1); for ( ndx=0 ; ndxcnt ; ndx++ ) { resobj = (WmlResourceDefPtr) wml_obj_arg_ptr->hvec[ndx].objptr; @@ -459,7 +459,7 @@ fprintf (outfil, " sym_k_%s_value,\n", datobj->tkname); } -fprintf (outfil, canned1a); +fprintf (outfil, "%s", canned1a); /* * close the output file @@ -509,19 +509,19 @@ printf ("\nCouldn't open UilSymRArg.h"); return; } -fprintf (outfil, canned_warn); +fprintf (outfil, "%s", canned_warn); /* * Create table entries, similar to writing sym_k... */ -fprintf (outfil, canned1); +fprintf (outfil, "%s", canned1); for ( ndx=0 ; ndxcnt ; ndx++ ) { resobj = (WmlResourceDefPtr) wml_obj_arg_ptr->hvec[ndx].objptr; fprintf (outfil, " %d,\n", resobj->related_code); } -fprintf (outfil, canned1a); +fprintf (outfil, "%s", canned1a); /* * close the output file @@ -621,12 +621,12 @@ printf ("\nCouldn't open UilUrmClas.h"); return; } -fprintf (outfil, canned_warn); +fprintf (outfil, "%s", canned_warn); /* * Write entries for widgets */ -fprintf (outfil, canned1); +fprintf (outfil, "%s", canned1); for ( ndx=0 ; ndxcnt ; ndx++ ) { clsobj = (WmlClassDefPtr) wml_obj_class_ptr->hvec[ndx].objptr; @@ -637,7 +637,7 @@ else fprintf (outfil, " \"%s\",\t\n", synobj->convfunc); } -fprintf (outfil, canned2); +fprintf (outfil, "%s", canned2); /* * Write entries for gadget variants of widget classes @@ -661,7 +661,7 @@ synobj->name); } } -fprintf (outfil, canned3); +fprintf (outfil, "%s", canned3); /* * Write entries for non-dialog widgets @@ -685,7 +685,7 @@ synobj->name); } } -fprintf (outfil, canned4); +fprintf (outfil, "%s", canned4); /* * Write entries for the resource a widget's controls map to @@ -701,7 +701,7 @@ else fprintf (outfil, " sym_k_%s_arg,\n", mapresobj->tkname); } -fprintf (outfil, canned5); +fprintf (outfil, "%s", canned5); /* * Write entries for arguments @@ -714,7 +714,7 @@ fprintf (outfil, " %s,\n", synres->resliteral); } -fprintf (outfil, canned6); +fprintf (outfil, "%s", canned6); /* * Write entries for reasons @@ -727,7 +727,7 @@ fprintf (outfil, " %s,\n", synres->resliteral); } -fprintf (outfil, canned7); +fprintf (outfil, "%s", canned7); /* * close the output file @@ -781,13 +781,13 @@ printf ("\nCouldn't open UilConst.h"); return; } -fprintf (outfil, canned_warn); +fprintf (outfil, "%s", canned_warn); /* * Process the arguments in code order. We start with 1, and write out * the mask after processing 8 codes. */ -fprintf (outfil, canned1); +fprintf (outfil, "%s", canned1); strcpy (maskbuf, "0"); for ( ndx=0 ; ndxcnt ; ndx++ ) { @@ -805,7 +805,7 @@ } if ( bitno != 8 ) fprintf (outfil, "%s", maskbuf); -fprintf (outfil, canned1a); +fprintf (outfil, "%s", canned1a); /* * close the output file @@ -878,8 +878,8 @@ printf ("\nCouldn't open UilSymReas.h"); return; } -fprintf (outfil, canned_warn); -fprintf (outfil, canned1); +fprintf (outfil, "%s", canned_warn); +fprintf (outfil, "%s", canned1); /* * Generate the bit vectors for each class. Outer loop on the reason code, @@ -925,13 +925,13 @@ /* * Write the vector of vectors. */ -fprintf (outfil, canned2); +fprintf (outfil, "%s", canned2); for ( resndx=0 ; resndxcnt ; resndx++ ) { resobj = (WmlResourceDefPtr) wml_obj_reason_ptr->hvec[resndx].objptr; fprintf (outfil, " reason_class_vec%d,\n", resobj->sym_code); } -fprintf (outfil, canned3); +fprintf (outfil, "%s", canned3); /* * close the output file @@ -1004,8 +1004,8 @@ printf ("\nCouldn't open UilSymArTa.h"); return; } -fprintf (outfil, canned_warn); -fprintf (outfil, canned1); +fprintf (outfil, "%s", canned_warn); +fprintf (outfil, "%s", canned1); /* * Generate the bit vectors for each class. Outer loop on the argument code, @@ -1051,13 +1051,13 @@ /* * Write the vector of vectors. */ -fprintf (outfil, canned2); +fprintf (outfil, "%s", canned2); for ( resndx=0 ; resndxcnt ; resndx++ ) { resobj = (WmlResourceDefPtr) wml_obj_arg_ptr->hvec[resndx].objptr; fprintf (outfil, " arg_class_vec%d,\n", resobj->sym_code); } -fprintf (outfil, canned3); +fprintf (outfil, "%s", canned3); /* * close the output file @@ -1129,8 +1129,8 @@ printf ("\nCouldn't open UilSymChTa.h"); return; } -fprintf (outfil, canned_warn); -fprintf (outfil, canned1); +fprintf (outfil, "%s", canned_warn); +fprintf (outfil, "%s", canned1); /* * Generate the bit vectors for each class. Outer loop on the child code, @@ -1174,13 +1174,13 @@ /* * Write the vector of vectors. */ -fprintf (outfil, canned2); +fprintf (outfil, "%s", canned2); for ( childndx=0 ; childndxcnt ; childndx++ ) { childobj = (WmlChildDefPtr) wml_obj_child_ptr->hvec[childndx].objptr; fprintf (outfil, " child_class_vec%d,\n", childobj->sym_code); } -fprintf (outfil, canned3); +fprintf (outfil, "%s", canned3); /* * close the output file @@ -1251,8 +1251,8 @@ printf ("\nCouldn't open UilSymCtl.h"); return; } -fprintf (outfil, canned_warn); -fprintf (outfil, canned1); +fprintf (outfil, "%s", canned_warn); +fprintf (outfil, "%s", canned1); /* * Generate the bit vectors for each class. Outer loop on the class code, @@ -1296,13 +1296,13 @@ /* * Write the vector of vectors. */ -fprintf (outfil, canned2); +fprintf (outfil, "%s", canned2); for ( ctlndx=0 ; ctlndxcnt ; ctlndx++ ) { clsobj = (WmlClassDefPtr) wml_obj_class_ptr->hvec[ctlndx].objptr; fprintf (outfil, " object_class_vec%d,\n", clsobj->sym_code); } -fprintf (outfil, canned3); +fprintf (outfil, "%s", canned3); /* * close the output file @@ -1438,7 +1438,7 @@ printf ("\nCouldn't open UilSymNam.h"); return; } -fprintf (outfil, canned_warn); +fprintf (outfil, "%s", canned_warn); /* * Write entries for widgets @@ -1517,7 +1517,7 @@ fprintf (outfil, " \"%s\",\n", synch->name); } -fprintf (outfil, canned7); +fprintf (outfil, "%s", canned7); /* * close the output file @@ -1621,12 +1621,12 @@ printf ("\nCouldn't open UilSymEnum.h"); return; } -fprintf (outfil, canned_warn); +fprintf (outfil, "%s", canned_warn); /* * Generate the enumeration value vectors for each enumeration set. */ -fprintf (outfil, canned1); +fprintf (outfil, "%s", canned1); for ( ndx=0 ; ndxcnt ; ndx++ ) { enumsetobj = (WmlEnumSetDefPtr) wml_obj_enumset_ptr->hvec[ndx].objptr; @@ -1643,7 +1643,7 @@ /* * Generate the enumeration set tables */ -fprintf (outfil, canned3); +fprintf (outfil, "%s", canned3); for ( ndx=0 ; ndxcnt ; ndx++ ) { enumsetobj = (WmlEnumSetDefPtr) wml_obj_enumset_ptr->hvec[ndx].objptr; @@ -1655,7 +1655,7 @@ /* * Create enumset table entries for arguments, similar to writing sym_k... */ -fprintf (outfil, canned4); +fprintf (outfil, "%s", canned4); for ( ndx=0 ; ndxcnt ; ndx++ ) { resobj = (WmlResourceDefPtr) wml_obj_arg_ptr->hvec[ndx].objptr; @@ -1669,13 +1669,13 @@ /* * Create the enumval values table. */ -fprintf (outfil, canned5); +fprintf (outfil, "%s", canned5); for ( ndx=0 ; ndxcnt ; ndx++ ) { evobj = (WmlEnumValueDefPtr) wml_obj_enumval_ptr->hvec[ndx].objptr; fprintf (outfil, " %s,\n", evobj->syndef->enumlit); } -fprintf (outfil, canned5a); +fprintf (outfil, "%s", canned5a); /* * close the output file @@ -1813,12 +1813,12 @@ printf ("\nCouldn't open UilSymCSet.h"); return; } -fprintf (outfil, canned_warn); +fprintf (outfil, "%s", canned_warn); /* * Generate the standards name table */ -fprintf (outfil, canned1); +fprintf (outfil, "%s", canned1); for ( ndx=0 ; ndxcnt ; ndx++ ) { csobj = (WmlCharSetDefPtr) wml_obj_charset_ptr->hvec[ndx].objptr; @@ -1836,7 +1836,7 @@ /* * Generate the writing direction table */ -fprintf (outfil, canned2); +fprintf (outfil, "%s", canned2); for ( ndx=0 ; ndxcnt ; ndx++ ) { csobj = (WmlCharSetDefPtr) wml_obj_charset_ptr->hvec[ndx].objptr; @@ -1858,7 +1858,7 @@ /* * Generate the parsing direction table */ -fprintf (outfil, canned3); +fprintf (outfil, "%s", canned3); for ( ndx=0 ; ndxcnt ; ndx++ ) { csobj = (WmlCharSetDefPtr) wml_obj_charset_ptr->hvec[ndx].objptr; @@ -1880,7 +1880,7 @@ /* * Generate the character size table */ -fprintf (outfil, canned4); +fprintf (outfil, "%s", canned4); for ( ndx=0 ; ndxcnt ; ndx++ ) { csobj = (WmlCharSetDefPtr) wml_obj_charset_ptr->hvec[ndx].objptr; @@ -1906,7 +1906,7 @@ /* * Generate the $LANG name recognition table */ -fprintf (outfil, canned5); +fprintf (outfil, "%s", canned5); lang_max = 0; for ( ndx=0 ; ndxcnt ; ndx++ ) { @@ -1936,7 +1936,7 @@ /* * Generate the $LANG code lookup table, in upper case */ -fprintf (outfil, canned6); +fprintf (outfil, "%s", canned6); for ( ndx=0 ; ndxcnt ; ndx++ ) { csobj = (WmlCharSetDefPtr) wml_obj_charset_ptr->hvec[ndx].objptr; --- a/tools/wml/wmloutmm.c +++ b/tools/wml/wmloutmm.c @@ -209,9 +209,9 @@ /* * Write out header information */ -fprintf (outfil, canned1); +fprintf (outfil, "%s", canned1); fprintf (outfil, "%s\n", name); -fprintf (outfil, canned2); +fprintf (outfil, "%s", canned2); /* * Alphabetize the controls, reason, and argument lists @@ -287,7 +287,7 @@ else fprintf (outfil, "\n"); } -fprintf (outfil, canned3); +fprintf (outfil, "%s", canned3); /* * Write out the argument table @@ -323,7 +323,7 @@ } argndx += 1; } -fprintf (outfil, canned4); +fprintf (outfil, "%s", canned4); }