[PATCH] Fix sis driver to compile with -Werror=format-security
Colin Guthrie
gmane at colin.guthr.ie
Tue Dec 23 10:55:42 PST 2008
'Twas brillig, and Ander Conselvan de Oliveira at 23/12/08 18:10 did
gyre and gimble:
> Em Tuesday 23 December 2008 15:43:26 Eric Anholt escreveu:
>> On Tue, 2008-12-23 at 13:25 -0200, Ander Conselvan de Oliveira wrote:
>>> The attached patch fix the sis driver to compile with
>>> -Werror=format-security.
>> Some of those strings are predefined and visible in the patch you posted
>> (not a security issue). I certainly wouldn't apply this patch.
>
> To be honest, I was not concerned with the security issues this might have but
> with the fact that is does not compile. Mandriva's build system sets this
> flag by default and this might be the case for other distros.
Well we are doing it based on inspiration from other distros:
http://wiki.mandriva.com/en/Development/Packaging/Problems#format_not_a_string_literal_and_no_format_arguments
http://wiki.debian.org/Hardening
https://wiki.ubuntu.com/CompilerFlags
So I think it would be beneficial to get this fix into the official repos.
I posted a similar fix for xserver a few days back which ajax applied.
While the "fix" is arguably unnecessary, they are also trivial so I
wouldn't have thought they would be overly controversial, considering
the potential issues that could be caught.
Col
--
Colin Guthrie
gmane(at)colin.guthr.ie
http://colin.guthr.ie/
Day Job:
Tribalogic Limited [http://www.tribalogic.net/]
Open Source:
Mandriva Linux Contributor [http://www.mandriva.com/]
PulseAudio Hacker [http://www.pulseaudio.org/]
Trac Hacker [http://trac.edgewall.org/]
More information about the xorg
mailing list