diff mbox series

[oe,meta-oe,01/14] t1lib: Fix printf format string errors

Message ID 20170307071349.16444-1-raj.khem@gmail.com
State Accepted
Commit d6c99da9d058e237a89eaa88eed1af1af8c43114
Headers show
Series [oe,meta-oe,01/14] t1lib: Fix printf format string errors | expand

Commit Message

Khem Raj March 7, 2017, 7:13 a.m. UTC 
Signed-off-by: Khem Raj <raj.khem@gmail.com>

---
 .../t1lib/t1lib-5.1.2/format_security.patch        | 41 ++++++++++++++++++++++
 meta-oe/recipes-extended/t1lib/t1lib_5.1.2.bb      |  3 +-
 2 files changed, 43 insertions(+), 1 deletion(-)
 create mode 100644 meta-oe/recipes-extended/t1lib/t1lib-5.1.2/format_security.patch

-- 
2.12.0

-- 
_______________________________________________
Openembedded-devel mailing list
Openembedded-devel@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-devel
diff mbox series

Patch

diff --git a/meta-oe/recipes-extended/t1lib/t1lib-5.1.2/format_security.patch b/meta-oe/recipes-extended/t1lib/t1lib-5.1.2/format_security.patch
new file mode 100644
index 000000000..8b4ce400f
--- /dev/null
+++ b/meta-oe/recipes-extended/t1lib/t1lib-5.1.2/format_security.patch
@@ -0,0 +1,41 @@ 
+Fix printf formats to use format qualifiers
+fixes
+
+error: format string is not a string literal (potentially insecure) [-Werror,-Wformat-security]
+
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+Upstream-Status: Pending
+
+--- a/lib/type1/objects.c
++++ b/lib/type1/objects.c
+@@ -957,7 +957,7 @@
+  
+        sprintf(typemsg, "Wrong object type in %s; expected %s, found %s.\n",
+                   name, TypeFmt(expect), TypeFmt(obj->type));
+-       IfTrace0(TRUE,typemsg);
++       IfTrace1(TRUE, "%s", typemsg);
+  
+        ObjectPostMortem(obj);
+  
+--- a/lib/t1lib/t1subset.c
++++ b/lib/t1lib/t1subset.c
+@@ -759,7 +759,7 @@
+ 	     tr_len);
+     T1_PrintLog( "T1_SubsetFont()", err_warn_msg_buf,
+ 		 T1LOG_DEBUG);
+-    l+=sprintf( &(trailerbuf[l]), linebuf); /* contains the PostScript trailer */
++    l+=sprintf( &(trailerbuf[l]), "%s", linebuf); /* contains the PostScript trailer */
+   }
+   
+   /* compute size of output file */
+--- a/lib/type1/objects.h
++++ b/lib/type1/objects.h
+@@ -214,7 +214,7 @@
+ /*SHARED*/
+ /* NDW: personally, I want to see status and error messages! */
+ #define IfTrace0(condition,model)                                 \
+-        {if (condition) printf(model);}
++        {if (condition) fputs(model,stdout);}
+ #define IfTrace1(condition,model,arg0)                            \
+         {if (condition) printf(model,arg0);}
+ #define IfTrace2(condition,model,arg0,arg1)                       \
diff --git a/meta-oe/recipes-extended/t1lib/t1lib_5.1.2.bb b/meta-oe/recipes-extended/t1lib/t1lib_5.1.2.bb
index 1d670a7d7..826dbda85 100644
--- a/meta-oe/recipes-extended/t1lib/t1lib_5.1.2.bb
+++ b/meta-oe/recipes-extended/t1lib/t1lib_5.1.2.bb
@@ -9,7 +9,8 @@  LIC_FILES_CHKSUM = "file://LICENSE;md5=8ca43cbc842c2336e835926c2166c28b \
 
 SRC_URI = "${DEBIAN_MIRROR}/main/t/t1lib/t1lib_${PV}.orig.tar.gz \
            file://configure.patch \
-           file://libtool.patch"
+           file://libtool.patch \
+           file://format_security.patch"
 SRC_URI[md5sum] = "a5629b56b93134377718009df1435f3c"
 SRC_URI[sha256sum] = "821328b5054f7890a0d0cd2f52825270705df3641dbd476d58d17e56ed957b59"