From 20c107bce203e7c4d8fb0ed089c5ca368c43e89e Mon Sep 17 00:00:00 2001
From: Peter Howkins
Date: Wed, 22 Aug 2012 11:28:36 +0100
Subject: [PATCH] dtcalc: Resolve "format not a string literal and no format arguments [-Wformat-security]" warnings.

Fix warnings related to secruity concerns on varargs functions. By specifying "%s" on single string calls to sprintf() (and related) it's not possible to have a % in the input string causing random data to be read off the stack.
---
 cde/programs/dtcalc/calctool.c | 8 ++++----
 cde/programs/dtcalc/motif.c | 10 +++++-----
 2 files changed, 9 insertions(+), 9 deletions(-)

diff --git a/cde/programs/dtcalc/calctool.c b/cde/programs/dtcalc/calctool.c
index 063f09c4..ce349764 100644
--- a/cde/programs/dtcalc/calctool.c
+++ b/cde/programs/dtcalc/calctool.c
@@ -563,7 +563,7 @@ char *argv[] ;
 { msg = (char *) XtMalloc(strlen( opts[(int) O_ACCRANGE]) + 3);
- sprintf(msg, opts[(int) O_ACCRANGE]);
+ sprintf(msg, "%s", opts[(int) O_ACCRANGE]);
 _DtSimpleError (v->appname, DtWarning, NULL, msg);
 XtFree(msg);
 v->accuracy = 2 ;
@@ -619,7 +619,7 @@ char *argv[] ;
 { msg = (char *) XtMalloc(strlen( opts[(int) O_BASE]) + 3);
- sprintf(msg, opts[(int) O_BASE]);
+ sprintf(msg, "%s", opts[(int) O_BASE]);
 _DtSimpleError (v->appname, DtWarning, NULL, msg);
 XtFree(msg);
 v->base = DEC ;
@@ -1688,8 +1688,8 @@ usage(progname)
 char *progname ;
 {
 FPRINTF(stderr, ustrs[(int) USAGE1], PATCHLEVEL) ;
- FPRINTF(stderr, ustrs[(int) USAGE2]) ;
- FPRINTF(stderr, ustrs[(int) USAGE3]) ;
+ FPRINTF(stderr, "%s", ustrs[(int) USAGE2]) ;
+ FPRINTF(stderr, "%s", ustrs[(int) USAGE3]) ;
 exit(1) ;
 }
diff --git a/cde/programs/dtcalc/motif.c b/cde/programs/dtcalc/motif.c
index a367d9af..e56a0f47 100644
--- a/cde/programs/dtcalc/motif.c
+++ b/cde/programs/dtcalc/motif.c
@@ -312,7 +312,7 @@ char **argv ;
 tmpStr = GETMESSAGE(2, 31, "Could not open display.\n");
 msg = XtNewString(tmpStr);
- FPRINTF(stderr, msg) ;
+ FPRINTF(stderr, "%s", msg) ;
 exit(1) ;
 }
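Review bot: In the `@@ -563` hunk of calctool.c, `msg` is still handed to `_DtSimpleError` as its fourth argument right after the corrected `sprintf`. If that parameter is a printf-style format (the prototype is not part of this patch), a `%` in `opts[(int) O_ACCRANGE]` would be interpreted there instead. Passing the text as an argument, `_DtSimpleError (v->appname, DtWarning, NULL, "%s", opts[(int) O_ACCRANGE]);`, would close that path and make the `XtMalloc`/`sprintf`/`XtFree` copy unnecessary. The same pattern appears in the `@@ -619` hunk and in motif.c at `@@ -3701`, `@@ -4422` and `@@ -4437`. The enclosing functions start and end outside these hunks.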
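Review bot: The first call in `usage()`, `FPRINTF(stderr, ustrs[(int) USAGE1], PATCHLEVEL) ;`, still takes its format from the `ustrs` table. -Wformat-security stays quiet about it because an argument is present, but the compiler cannot check the conversion against `PATCHLEVEL`. If `ustrs` entries can come from a message catalog (not visible here), a comment such as `/* USAGE1 must contain exactly one conversion matching PATCHLEVEL */` would record the constraint. It is also worth confirming that USAGE2 and USAGE3 contain no `%%` escapes, since with `"%s"` those would now print as two percent signs.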
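Review bot: `msg = XtNewString(tmpStr);` in the `@@ -312` hunk of motif.c copies the catalog message only to print it once before `exit(1)`, and nothing in the hunk frees the copy. Printing the original directly, `FPRINTF(stderr, "%s", tmpStr) ;`, drops the allocation, and `fputs(tmpStr, stderr);` would avoid format parsing altogether. The function body continues outside the hunk, so `msg` may still be needed elsewhere.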
@@ -3294,7 +3294,7 @@ XtPointer client_data, call_data ;
 if ((strcmp(X->cfval, "") == 0) || X->cfval[0] < '0' || X->cfval[0] > '9' || X->cfno < 0 || X->cfno > 9) {
- SPRINTF(str, (X->CFtype == M_CON) ? vstrs[(int) V_LCON]
+ SPRINTF(str, "%s", (X->CFtype == M_CON) ? vstrs[(int) V_LCON]
 : vstrs[(int) V_LFUN]) ;
 SPRINTF(message, "%s\n%s", str, vstrs[(int) V_RANGE]) ;
 do_continue_notice(X->CFframe, message) ;
@@ -3701,7 +3701,7 @@ read_resources() /* Read all possible resources from the database. */
 else { msg = (char *) XtMalloc(strlen( opts[(int) O_BASE]) + 3);
- sprintf(msg, opts[(int) O_BASE]);
+ sprintf(msg, "%s", opts[(int) O_BASE]);
 _DtSimpleError (v->appname, DtWarning, NULL, msg);
 XtFree(msg);
 v->base = (enum base_type) 2;
@@ -4422,7 +4422,7 @@ RestoreSession()
 if (v->accuracy < 0 || v->accuracy > 9) { msg = (char *) XtMalloc(strlen( opts[(int) O_ACCRANGE]) + 3);
- sprintf(msg, opts[(int) O_ACCRANGE]);
+ sprintf(msg, "%s", opts[(int) O_ACCRANGE]);
 _DtSimpleError (v->appname, DtWarning, NULL, msg);
 XtFree(msg);
 v->accuracy = 2 ;
@@ -4437,7 +4437,7 @@ RestoreSession()
 if (i == MAXBASES) { msg = (char *) XtMalloc(strlen( opts[(int) O_BASE]) + 3);
- sprintf(msg, opts[(int) O_BASE]);
+ sprintf(msg, "%s", opts[(int) O_BASE]);
 _DtSimpleError (v->appname, DtWarning, NULL, msg);
 XtFree(msg);
 }
-- 
2.25.1
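Review bot: Both `SPRINTF` calls in the `@@ -3294` hunk write into `str` and `message` with no length bound, so the amount written depends entirely on the `vstrs` texts. The two buffers are declared outside the hunk, so their sizes cannot be checked here. If `message` is a fixed-size array, one bounded call could replace both: `snprintf(message, sizeof message, "%s\n%s", (X->CFtype == M_CON) ? vstrs[(int) V_LCON] : vstrs[(int) V_LFUN], vstrs[(int) V_RANGE]);`. That also removes the intermediate copy through `str`.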