Bug #58490 -Werror=format-security
Submitted: 2009-01-04 09:20 UTC Modified: 2015-04-07 19:38 UTC
Votes:1
Avg. Score:1.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:1 (100.0%)
Same OS:1 (100.0%)
From: oden dot eriksson at envitory dot se
Assigned:
Status: Suspended
Package: tk (PECL)
PHP Version: 5.2.5
OS: Linux
Private report: No
CVE-ID: None

 [2009-01-04 09:20 UTC] oden dot eriksson at envitory dot se
Description:
------------
The build fails with -Werror=format-security


Reproduce code:
---------------
tk.c:736: error: format not a string literal and no format arguments
tk.c:743: error: format not a string literal and no format arguments


Expected result:
----------------
It should build.

Actual result:
--------------
Proposed fix:

--- tk.c        2004-11-14 19:07:32.000000000 +0100
+++ tk.c.oden   2009-01-04 15:14:35.000000000 +0100
@@ -733,14 +733,14 @@ static void php_tk_terminal(zval *return
                         * On arr?te l'execution en affichant une erreur fatale.
                         */
                        case RETURN_WIDGET:
-                               zend_error(E_ERROR, tk_return_value);
+                               zend_error(E_ERROR, "%s", tk_return_value);
                        break;

                        /* Autre, on affiche un avertissement
                         * et on retourne une valeur de type bool?en n?gatif, la commande a ?chou?.
                         */
                        default:
-                               zend_error(E_WARNING, tk_return_value);
+                               zend_error(E_WARNING, "%s", tk_return_value);

                                return_value->type = IS_BOOL;
                                return_value->value.lval = 0;
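
Review bot: In both the RETURN_WIDGET case and the default case the old calls passed tk_return_value as the format string itself, so the change description should record this as a format-string fix and not only a build fix: any % sequence in that runtime string would have been interpreted by zend_error as a conversion. The "%s" form is the right correction for both calls. Note also that -Werror=format-security only reports calls whose format is not a string literal and that have no format arguments, which is why exactly lines 736 and 743 were flagged; a call elsewhere in tk.c that passes a non-literal format together with arguments would not be reported, so build once with -Wformat-nonliteral to confirm these two are the only cases.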


History

 [2015-04-07 19:38 UTC] cmb@php.net
-Status: Open +Status: Suspended
 [2015-04-07 19:38 UTC] cmb@php.net
Sorry, but apparently this package is not maintained anymore.
Marking this bug as "Suspended" for now.
 
Last updated: Tue Jan 21 05:01:23 2020 UTC