1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
|
From 9d5032d1487a8fe6ef7229d413418a27e32a28e5 Mon Sep 17 00:00:00 2001
From: Sergei Trofimovich <slyich@gmail.com>
Date: Mon, 1 Nov 2021 07:51:10 +0000
Subject: [PATCH:gptfdisk] gptcurses.cc: always use "%s"-style format for printf()-style
functions
`ncuses-6.3` added printf-style function attributes and now makes
it easier to catch cases when user input is used in palce of format
string when built with CFLAGS=-Werror=format-security:
gptcurses.cc:274:10: error:
format not a string literal and no format arguments [-Werror=format-security]
274 | printw(theLine.c_str());
| ~~~~~~^~~~~~~~~~~~~~~~~
Let's wrap all the missing places with "%s" format.
---
gptcurses.cc | 24 ++++++++++++------------
1 file changed, 12 insertions(+), 12 deletions(-)
--- a/gptcurses.cc
+++ b/gptcurses.cc
@@ -239,22 +239,22 @@ Space* GPTDataCurses::ShowSpace(int spaceNum, int lineNum) {
ClearLine(lineNum);
if (space->partNum == -1) { // space is empty
move(lineNum, 12);
- printw(BytesToIeee((space->lastLBA - space->firstLBA + 1), blockSize).c_str());
+ printw("%s", BytesToIeee((space->lastLBA - space->firstLBA + 1), blockSize).c_str());
move(lineNum, 24);
printw("free space");
} else { // space holds a partition
move(lineNum, 3);
printw("%d", space->partNum + 1);
move(lineNum, 12);
- printw(BytesToIeee((space->lastLBA - space->firstLBA + 1), blockSize).c_str());
+ printw("%s", BytesToIeee((space->lastLBA - space->firstLBA + 1), blockSize).c_str());
move(lineNum, 24);
- printw(space->origPart->GetTypeName().c_str());
+ printw("%s", space->origPart->GetTypeName().c_str());
move(lineNum, 50);
#ifdef USE_UTF16
space->origPart->GetDescription().extract(0, 39, temp, 39);
- printw(temp);
+ printw("%s", temp);
#else
- printw(space->origPart->GetDescription().c_str());
+ printw("%s", space->origPart->GetDescription().c_str());
#endif
} // if/else
} // if
@@ -271,10 +271,10 @@ int GPTDataCurses::DisplayParts(int selected) {
move(lineNum++, 0);
theLine = "Part. # Size Partition Type Partition Name";
- printw(theLine.c_str());
+ printw("%s", theLine.c_str());
move(lineNum++, 0);
theLine = "----------------------------------------------------------------";
- printw(theLine.c_str());
+ printw("%s", theLine.c_str());
numToShow = LINES - RESERVED_TOP - RESERVED_BOTTOM;
pageNum = selected / numToShow;
for (i = pageNum * numToShow; i <= (pageNum + 1) * numToShow - 1; i++) {
@@ -636,7 +636,7 @@ void GPTDataCurses::DisplayOptions(char selectedKey) {
} // if/else
} // for
move(LINES - 1, (COLS - optionDesc.length()) / 2);
- printw(optionDesc.c_str());
+ printw("%s", optionDesc.c_str());
currentKey = selectedKey;
} // if
} // GPTDataCurses::DisplayOptions()
@@ -748,11 +748,11 @@ void GPTDataCurses::DrawMenu(void) {
clear();
move(0, (COLS - title.length()) / 2);
- printw(title.c_str());
+ printw("%s", title.c_str());
move(2, (COLS - drive.length()) / 2);
- printw(drive.c_str());
+ printw("%s", drive.c_str());
move(3, (COLS - size.str().length()) / 2);
- printw(size.str().c_str());
+ printw("%s", size.str().c_str());
DisplayParts(currentSpaceNum);
} // DrawMenu
@@ -802,7 +802,7 @@ void PromptToContinue(void) {
void Report(string theText) {
clear();
move(0, 0);
- printw(theText.c_str());
+ printw("%s", theText.c_str());
move(LINES - 2, (COLS - 29) / 2);
printw("Press any key to continue....");
cbreak();
|
