Enabling "-Werror=format-security" by default

Jerry James loganjerry at gmail.com
Wed Nov 20 16:13:30 UTC 2013

On Wed, Nov 20, 2013 at 8:57 AM, Dhiru Kholia <dhiru.kholia at gmail.com> wrote:
> Currently, around 400 packages FTBFS if this flag is enabled. I am all
> set to start filing the bugs (once given the green signal). In addition,
> I am willing to help in patching these packages. I believe that this
> work is important and will benefit everyone (including upstream and
> other distributions).

It would have been nice if you had mentioned which packages failed to
build, so maintainers could start looking at them.  I found this by
digging around a little:


And the very first package I maintain that appears on that list, abe,
is an interesting one.  The game has an internal function,
path_sprintf(), which is static in Game.c.  All callers of that
function are visible in the same file, and all pass constant strings
into the function, which passes those constant strings to sprintf().
The function's purpose is to produce a pathname for a file of interest
to the caller in the game's installed location.  It's too bad that
gcc's analysis cannot span function calls inside a compilation unit.
There really is nothing wrong with this code.

Jerry James

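Added illustration, not part of the message above and not the abe source: the wrapper shape that lets gcc's checking reach the callers. gcc does not follow a plain `const char *fmt` parameter back to the constant strings its callers pass, so the one thing that makes the difference is declaring the wrapper with the printf format attribute; the call sites are then checked against their literal formats under -Wall (which turns on -Wformat), and -Wformat-security only complains at a caller that hands in a non-literal format with no arguments. Names (`path_snprintf`, `level_path`, `config_path`) and the install prefix are constructed for this example.

```c
#include <stdio.h>
#include <stdarg.h>
#include <string.h>

/* Constructed install prefix, standing in for the game's installed location. */
#define INSTALL_DIR "/usr/share/abe"

/* gcc/clang extension; expands to nothing elsewhere. */
#if defined(__GNUC__)
#define PRINTF_LIKE(fmt_idx, first_arg) __attribute__((format(printf, fmt_idx, first_arg)))
#else
#define PRINTF_LIKE(fmt_idx, first_arg)
#endif

/* Hardened wrapper. The attribute tells gcc that argument 3 is a printf-style
 * format and that checking of the matching values starts at argument 4, so
 * every call to path_snprintf() in this unit is checked against the literal
 * the caller passes. Inside, vsnprintf() takes a va_list, which
 * -Wformat-security does not flag. Returns the path length, or -1 if the
 * buffer could not hold the whole path. */
static int path_snprintf(char *out, size_t outlen, const char *fmt, ...)
    PRINTF_LIKE(3, 4);

static int path_snprintf(char *out, size_t outlen, const char *fmt, ...)
{
    int n = snprintf(out, outlen, "%s/", INSTALL_DIR);
    if (n < 0 || (size_t)n >= outlen)
        return -1;                      /* even the prefix did not fit */

    va_list ap;
    va_start(ap, fmt);
    int m = vsnprintf(out + n, outlen - (size_t)n, fmt, ap);
    va_end(ap);
    if (m < 0 || (size_t)m >= outlen - (size_t)n)
        return -1;                      /* truncated: do not hand back a partial path */
    return n + m;
}

/* Caller with a literal format and one argument: gcc checks that "%s"
 * matches the char * because of the attribute on path_snprintf(). */
int level_path(char *out, size_t outlen, const char *level_name)
{
    return path_snprintf(out, outlen, "levels/%s.dat", level_name);
}

/* Caller with a literal and no arguments, the shape described above. A
 * literal format with no arguments is fine; only a non-literal format with
 * no arguments is what -Wformat-security rejects. */
int config_path(char *out, size_t outlen)
{
    return path_snprintf(out, outlen, "abe.cfg");
}

/* The rejected shape, kept as a comment so this file still builds with
 * -Werror=format-security:
 *   static void path_sprintf(char *out, const char *fmt) { sprintf(out, fmt); }
 * Here fmt is an ordinary parameter, gcc cannot see that every caller passes
 * a constant, and sprintf(out, fmt) is exactly what the flag reports. Where
 * the argument is only ever a plain string, sprintf(out, "%s", fmt) is the
 * one-line alternative. */

int main(void)
{
    char buf[128];
    if (level_path(buf, sizeof buf, "intro") > 0)
        printf("%s\n", buf);
    if (config_path(buf, sizeof buf) > 0)
        printf("%s\n", buf);
    return 0;
}
```

Build it with `gcc -Wall -Werror=format-security` and, for comparison, uncomment the old `path_sprintf` body to see the same diagnostic the 400 package builds hit.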