php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #58490 -Werror=format-security
Submitted: 2009-01-04 09:20 UTC Modified: 2015-04-07 19:38 UTC
Votes:1
Avg. Score:1.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:1 (100.0%)
Same OS:1 (100.0%)
From: oden dot eriksson at envitory dot se Assigned:
Status: Suspended Package: tk (PECL)
PHP Version: 5.2.5 OS: Linux
Private report: No CVE-ID: None
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: oden dot eriksson at envitory dot se
New email:
PHP Version: OS:

 

 [2009-01-04 09:20 UTC] oden dot eriksson at envitory dot se
Description:
------------
The build fails with -Werror=format-security


Reproduce code:
---------------
tk.c:736: error: format not a string literal and no format arguments
tk.c:743: error: format not a string literal and no format arguments


Expected result:
----------------
It should build.

Actual result:
--------------
Proposed fix:

--- tk.c        2004-11-14 19:07:32.000000000 +0100
+++ tk.c.oden   2009-01-04 15:14:35.000000000 +0100
@@ -733,14 +733,14 @@ static void php_tk_terminal(zval *return
                         * On arr?te l'execution en affichant une erreur fatale.
                         */
                        case RETURN_WIDGET:
-                               zend_error(E_ERROR, tk_return_value);
+                               zend_error(E_ERROR, "%s", tk_return_value);
                        break;

                        /* Autre, on affiche un avertissement
                         * et on retourne une valeur de type bool?en n?gatif, la commande a ?chou?.
                         */
                        default:
-                               zend_error(E_WARNING, tk_return_value);
+                               zend_error(E_WARNING, "%s", tk_return_value);

                                return_value->type = IS_BOOL;
                                return_value->value.lval = 0;


Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2015-04-07 19:38 UTC] cmb@php.net
-Status: Open +Status: Suspended
 [2015-04-07 19:38 UTC] cmb@php.net
Sorry, but apparently this package is not maintained anymore.
Marking this bug as "Suspended" for now.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Wed Oct 09 11:01:27 2024 UTC