| Subject: | compiling with -Werror=format-security fails |
Hi,
Mandriva compiles C source code with -Werror=format-security and Debian
plans to do this too (see
http://article.gmane.org/gmane.comp.lang.perl.perl5.porters/105559).
Compiling YAML::Syck fails with the following error message if
-Werror=format-security is used:
In file included from Syck.xs:2:0:
perl_common.h: In function 'perl_syck_error_handler':
perl_common.h:79:9: warning: format '%ld' expects argument of type 'long
int', but argument 4 has type 'int' [-Wformat]
perl_common.h:79:9: error: format not a string literal and no format
arguments [-Werror=format-security]
This is the function in perl_common.h that GCC complains about:
void perl_syck_error_handler(SyckParser *p, char *msg) {
croak(form( "%s parser (line %d, column %ld): %s",
"Syck",
p->linect + 1,
p->cursor - p->lineptr,
msg ));
}
The form() call seems to be redundant as croak() already accepts a
format. I've attached a patch that removes form() and thus makes GCC
happy. The patch also casts the result of (p->cursor - p->lineptr) to
"long" in order to get rid of the warning regarding '%ld'.
--
Regards,
Andreas
| Subject: | perl_common_h.diff.txt |
--- perl_common.h.orig 2011-11-02 08:33:59.000000000 +0100
+++ perl_common.h 2012-02-08 17:50:20.000000000 +0100
@@ -72,11 +72,11 @@
}
void perl_syck_error_handler(SyckParser *p, char *msg) {
- croak(form( "%s parser (line %d, column %ld): %s",
+ croak("%s parser (line %d, column %ld): %s",
"Syck",
p->linect + 1,
- p->cursor - p->lineptr,
- msg ));
+ (long) (p->cursor - p->lineptr),
+ msg );
}
void perl_syck_output_handler(SyckEmitter *e, char *str, long len) {