This is the mail archive of the
binutils@sourceware.org
mailing list for the binutils project.
[PATCH][AVR] fix unsafe uses of sprintf
- From: "Denver Gingerich" <denver at ossguy dot com>
- To: binutils at sourceware dot org
- Date: Sun, 2 Nov 2008 14:14:12 -0500
- Subject: [PATCH][AVR] fix unsafe uses of sprintf
Under Ubuntu 8.10 when configuring with --target=avr, the binutils
2.19 build process produces the following errors:
libtool: compile: gcc -DHAVE_CONFIG_H -I.
-I../../binutils-2.19/opcodes -I. -I. -I../../binutils-2.19/opcodes
-I../bfd -I../../binutils-2.19/opcodes/../include
-I../../binutils-2.19/opcodes/../bfd -W -Wall -Wstrict-prototypes
-Wmissing-prototypes -Werror -g -O2 -c
../../binutils-2.19/opcodes/avr-dis.c -o avr-dis.o
cc1: warnings being treated as errors
../../binutils-2.19/opcodes/avr-dis.c: In function 'avr_operand':
../../binutils-2.19/opcodes/avr-dis.c:112: error: format not a string
literal and no format arguments
../../binutils-2.19/opcodes/avr-dis.c:152: error: format not a string
literal and no format arguments
../../binutils-2.19/opcodes/avr-dis.c:161: error: format not a string
literal and no format arguments
../../binutils-2.19/opcodes/avr-dis.c:172: error: format not a string
literal and no format arguments
These appear to be caused by the default use of -Wformat-security in
Ubuntu 8.10, as described in
http://lists.gnu.org/archive/html/bug-binutils/2008-09/msg00034.html.
The below patch fixes these errors.
Denver
http://ossguy.com/
diff -pur a/opcodes/avr-dis.c b/opcodes/avr-dis.c
--- a/opcodes/avr-dis.c 2007-07-05 05:49:00.000000000 -0400
+++ b/opcodes/avr-dis.c 2008-11-02 12:00:22.000000000 -0500
@@ -109,7 +109,7 @@ avr_operand (unsigned int insn, unsigned
case 0x100e: xyz = "-X"; break;
default: xyz = "??"; ok = 0;
}
- sprintf (buf, xyz);
+ sprintf (buf, "%s", xyz);
if (AVR_UNDEF_P (insn))
sprintf (comment, _("undefined"));
@@ -149,7 +149,7 @@ avr_operand (unsigned int insn, unsigned
value of the address only once, but this would mean recoding
objdump_print_address() which would affect many targets. */
sprintf (buf, "%#lx", (unsigned long) *sym_addr);
- sprintf (comment, comment_start);
+ sprintf (comment, "%s", comment_start);
break;
case 'L':
@@ -158,7 +158,7 @@ avr_operand (unsigned int insn, unsigned
sprintf (buf, ".%+-8d", rel_addr);
*sym = 1;
*sym_addr = pc + 2 + rel_addr;
- sprintf (comment, comment_start);
+ sprintf (comment, "%s", comment_start);
}
break;
@@ -169,7 +169,7 @@ avr_operand (unsigned int insn, unsigned
sprintf (buf, ".%+-8d", rel_addr);
*sym = 1;
*sym_addr = pc + 2 + rel_addr;
- sprintf (comment, comment_start);
+ sprintf (comment, "%s", comment_start);
}
break;