Originally reported by Sourceforge User: fsateler
Many linux distributions, including Debian and Ubuntu, are now enabling -Wformat -Werror=format-security by default. This can lead to failure to build the csound packages.
The number of errors are > 1000. They mostly fall into two categories:
- csoundMessage(Str("some message without format args"))
Most of these can be fixed by adding the GCC attribute format_args(1) to csoundLocalizeMessage. This attribute enables GCC to assume that the constant string (or a developer-controlled version of it) is what gets passed to csoundMessage, thus resulting in correct messages. Gettext has utilities that can perform validation of the translated strings (good idea to use anyway!).
- char* str = "something"; csoundMessage(str)
Apparently the gcc analyzer is not smart enough to trace the origin of a variable passed into csoundMessage, to verify if it complies with the format rules. This is more complicated when str assignment is conditional on error conditions (because it is not as trivial as moving code around).
I have not analyzed all the warnings. Some may in fact be real format string errors, but the sheer number of false positives makes it a lengthy task to analyze.
该提问来源于开源项目:csound/csound
