[OE-core] [PATCH] security_flags.inc: libidn fails to build w/ -Wformat-security
Alexander Kanavin
alexander.kanavin at linux.intel.com
Mon Jun 27 09:42:28 UTC 2016
On 06/27/2016 12:10 PM, Burton, Ross wrote:
> ../../libidn-1.32/src/idn.c: In function 'main':
> ../../libidn-1.32/src/idn.c:172:7: error: format not a string
> literal and no format arguments [-Werror=format-security]
> error (0, 0, _("only one of -s, -e, -d, -a, -u or -n can be
> specified"));
>
>
> As libidn will be dealing with data from the network it seems like the
> sort of package that should be built with format-security enabled.
> Wouldn't it be better to fix up the calls to error() instead?
Also, in general the point of adding this check was that we try to fix
the problems in the code. Adding packages to the list of exceptions is
missing the point :)
Please write a patch - I'd say we should accept new exceptions only if
fixing the code is shown to be too difficult.
Alex
More information about the Openembedded-core
mailing list