This is the mail archive of the
binutils@sourceware.org
mailing list for the binutils project.
Re: [PATCH][AVR] fix unsafe uses of sprintf
- From: mszanetti <mszanetti at yahoo dot com>
- To: binutils at sourceware dot org
- Date: Sun, 15 Feb 2009 04:33:25 -0800 (PST)
- Subject: Re: [PATCH][AVR] fix unsafe uses of sprintf
- References: <6defe8840811021114p1a5a3eb7sa0b29738310603f7@mail.gmail.com>
HI
Sorry I am just a NOOB ... What should I do to use the patch for fixing the
issue below?
Thank you
Denver Gingerich wrote:
>
> Under Ubuntu 8.10 when configuring with --target=avr, the binutils
> 2.19 build process produces the following errors:
>
> libtool: compile: gcc -DHAVE_CONFIG_H -I.
> -I../../binutils-2.19/opcodes -I. -I. -I../../binutils-2.19/opcodes
> -I../bfd -I../../binutils-2.19/opcodes/../include
> -I../../binutils-2.19/opcodes/../bfd -W -Wall -Wstrict-prototypes
> -Wmissing-prototypes -Werror -g -O2 -c
> ../../binutils-2.19/opcodes/avr-dis.c -o avr-dis.o
> cc1: warnings being treated as errors
> ../../binutils-2.19/opcodes/avr-dis.c: In function 'avr_operand':
> ../../binutils-2.19/opcodes/avr-dis.c:112: error: format not a string
> literal and no format arguments
> ../../binutils-2.19/opcodes/avr-dis.c:152: error: format not a string
> literal and no format arguments
> ../../binutils-2.19/opcodes/avr-dis.c:161: error: format not a string
> literal and no format arguments
> ../../binutils-2.19/opcodes/avr-dis.c:172: error: format not a string
> literal and no format arguments
>
> These appear to be caused by the default use of -Wformat-security in
> Ubuntu 8.10, as described in
> http://lists.gnu.org/archive/html/bug-binutils/2008-09/msg00034.html.
>
> The below patch fixes these errors.
>
> Denver
> http://ossguy.com/
>
>
> diff -pur a/opcodes/avr-dis.c b/opcodes/avr-dis.c
> --- a/opcodes/avr-dis.c 2007-07-05 05:49:00.000000000 -0400
> +++ b/opcodes/avr-dis.c 2008-11-02 12:00:22.000000000 -0500
> @@ -109,7 +109,7 @@ avr_operand (unsigned int insn, unsigned
> case 0x100e: xyz = "-X"; break;
> default: xyz = "??"; ok = 0;
> }
> - sprintf (buf, xyz);
> + sprintf (buf, "%s", xyz);
>
> if (AVR_UNDEF_P (insn))
> sprintf (comment, _("undefined"));
> @@ -149,7 +149,7 @@ avr_operand (unsigned int insn, unsigned
> value of the address only once, but this would mean recoding
> objdump_print_address() which would affect many targets. */
> sprintf (buf, "%#lx", (unsigned long) *sym_addr);
> - sprintf (comment, comment_start);
> + sprintf (comment, "%s", comment_start);
> break;
>
> case 'L':
> @@ -158,7 +158,7 @@ avr_operand (unsigned int insn, unsigned
> sprintf (buf, ".%+-8d", rel_addr);
> *sym = 1;
> *sym_addr = pc + 2 + rel_addr;
> - sprintf (comment, comment_start);
> + sprintf (comment, "%s", comment_start);
> }
> break;
>
> @@ -169,7 +169,7 @@ avr_operand (unsigned int insn, unsigned
> sprintf (buf, ".%+-8d", rel_addr);
> *sym = 1;
> *sym_addr = pc + 2 + rel_addr;
> - sprintf (comment, comment_start);
> + sprintf (comment, "%s", comment_start);
> }
> break;
>
>
--
View this message in context: http://www.nabble.com/-PATCH--AVR--fix-unsafe-uses-of-sprintf-tp20292895p22022124.html
Sent from the Sourceware - binutils list mailing list archive at Nabble.com.