Bug#997149: daisy-player: FTBFS: daisy-player.c:1852:37: error: format not a string literal and no format arguments [-Werror=format-security]
Lucas Nussbaum
lucas at debian.org
Sat Oct 23 20:05:44 BST 2021
Source: daisy-player
Version: 12.1-1
Severity: serious
Justification: FTBFS
Tags: bookworm sid ftbfs
Hi,
During a rebuild of all packages in sid, your package failed to build
on amd64.
Relevant part (hopefully):
> gcc -DHAVE_CONFIG_H -I. -I.. -Wdate-time -D_FORTIFY_SOURCE=2 -I . -I /usr/include/cdio/ -I /usr/include/cdio/paranoia/ -I /usr/include/libxml2/ -D LOCALEDIR=\"/usr/share/locale\" -Wall -Wextra -Wunused -Wunused-variable -Wunused-function -Wmissing-declarations -g -I /usr/include/libxml2/ -O3 -Wuninitialized -Winit-self -DPROGRAMNAME_LOCALEDIR=\"\" -g -O2 -ffile-prefix-map=/<<PKGBUILDDIR>>=. -fstack-protector-strong -Wformat -Werror=format-security -Wall -I/usr/include/libxml2 -c -o playfile.o playfile.c
> In file included from /usr/include/string.h:519,
> from daisy.h:21,
> from common.c:20:
> In function ‘strncpy’,
> inlined from ‘get_attributes’ at common.c:637:7:
> daisy-player.c: In function ‘handle_discinfo’:
> /usr/include/x86_64-linux-gnu/bits/string_fortified.h:91:10: warning: ‘__builtin_strncpy’ specified bound 255 equals destination size [-Wstringop-truncation]
> 91 | return __builtin___strncpy_chk (__dest, __src, __len, __bos (__dest));
> | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> daisy-player.c:1852:37: error: format not a string literal and no format arguments [-Werror=format-security]
> 1852 | mvwprintw (misc->titlewin, 0, 0, str);
> | ^~~
> In function ‘strncpy’,
> inlined from ‘get_attributes’ at common.c:647:10:
> /usr/include/x86_64-linux-gnu/bits/string_fortified.h:91:10: warning: ‘__builtin_strncpy’ output may be truncated copying 255 bytes from a string of length 255 [-Wstringop-truncation]
> 91 | return __builtin___strncpy_chk (__dest, __src, __len, __bos (__dest));
> | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> In function ‘strncpy’,
> inlined from ‘get_attributes’ at common.c:650:10:
> /usr/include/x86_64-linux-gnu/bits/string_fortified.h:91:10: warning: ‘__builtin_strncpy’ output may be truncated copying 255 bytes from a string of length 255 [-Wstringop-truncation]
> 91 | return __builtin___strncpy_chk (__dest, __src, __len, __bos (__dest));
> | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> In function ‘strncpy’,
> inlined from ‘get_attributes’ at common.c:651:10:
> /usr/include/x86_64-linux-gnu/bits/string_fortified.h:91:10: warning: ‘__builtin_strncpy’ output may be truncated copying 255 bytes from a string of length 255 [-Wstringop-truncation]
> 91 | return __builtin___strncpy_chk (__dest, __src, __len, __bos (__dest));
> | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> In function ‘strncpy’,
> inlined from ‘get_attributes’ at common.c:674:10:
> /usr/include/x86_64-linux-gnu/bits/string_fortified.h:91:10: warning: ‘__builtin_strncpy’ output may be truncated copying 255 bytes from a string of length 255 [-Wstringop-truncation]
> 91 | return __builtin___strncpy_chk (__dest, __src, __len, __bos (__dest));
> | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> In function ‘strncpy’,
> inlined from ‘get_attributes’ at common.c:703:7:
> /usr/include/x86_64-linux-gnu/bits/string_fortified.h:91:10: warning: ‘__builtin_strncpy’ output may be truncated copying 5 bytes from a string of length 254 [-Wstringop-truncation]
> 91 | return __builtin___strncpy_chk (__dest, __src, __len, __bos (__dest));
> | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> daisy-player.c:1891:28: error: format not a string literal and no format arguments [-Werror=format-security]
> 1891 | misc->discinfo_title);
> | ~~~~^~~~~~~~~~~~~~~~
> daisy-player.c: In function ‘main’:
> daisy-player.c:2579:36: error: format not a string literal and no format arguments [-Werror=format-security]
> 2579 | mvwprintw (misc.titlewin, 0, 0, str);
> | ^~~
> gcc -DHAVE_CONFIG_H -I. -I.. -Wdate-time -D_FORTIFY_SOURCE=2 -I . -I /usr/include/cdio/ -I /usr/include/cdio/paranoia/ -I /usr/include/libxml2/ -D LOCALEDIR=\"/usr/share/locale\" -Wall -Wextra -Wunused -Wunused-variable -Wunused-function -Wmissing-declarations -g -I /usr/include/libxml2/ -O3 -Wuninitialized -Winit-self -DPROGRAMNAME_LOCALEDIR=\"\" -g -O2 -ffile-prefix-map=/<<PKGBUILDDIR>>=. -fstack-protector-strong -Wformat -Werror=format-security -Wall -I/usr/include/libxml2 -c -o ncx.o ncx.c
> In function ‘strncpy’,
> inlined from ‘handle_ncc_html’ at common.c:291:4:
> /usr/include/x86_64-linux-gnu/bits/string_fortified.h:91:10: warning: ‘__builtin_strncpy’ output truncated before terminating nul copying 4 bytes from a string of the same length [-Wstringop-truncation]
> 91 | return __builtin___strncpy_chk (__dest, __src, __len, __bos (__dest));
> | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> gcc -DHAVE_CONFIG_H -I. -I.. -Wdate-time -D_FORTIFY_SOURCE=2 -I . -I /usr/include/cdio/ -I /usr/include/cdio/paranoia/ -I /usr/include/libxml2/ -D LOCALEDIR=\"/usr/share/locale\" -Wall -Wextra -Wunused -Wunused-variable -Wunused-function -Wmissing-declarations -g -I /usr/include/libxml2/ -O3 -Wuninitialized -Winit-self -DPROGRAMNAME_LOCALEDIR=\"\" -g -O2 -ffile-prefix-map=/<<PKGBUILDDIR>>=. -fstack-protector-strong -Wformat -Werror=format-security -Wall -I/usr/include/libxml2 -c -o opf.o opf.c
> In file included from /usr/include/string.h:519,
> from daisy.h:21,
> from daisy-player.c:20:
> In function ‘strncpy’,
> inlined from ‘get_clips’ at daisy-player.c:66:4:
> /usr/include/x86_64-linux-gnu/bits/string_fortified.h:91:10: warning: ‘__builtin_strncpy’ output may be truncated copying 255 bytes from a string of length 255 [-Wstringop-truncation]
> 91 | return __builtin___strncpy_chk (__dest, __src, __len, __bos (__dest));
> | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> In file included from /usr/include/string.h:519,
> from daisy.h:21,
> from ncx.c:20:
> In function ‘strncpy’,
> inlined from ‘fill_smil_anchor_ncx’ at ncx.c:136:25:
> /usr/include/x86_64-linux-gnu/bits/string_fortified.h:91:10: warning: ‘__builtin_strncpy’ specified bound 256 equals destination size [-Wstringop-truncation]
> 91 | return __builtin___strncpy_chk (__dest, __src, __len, __bos (__dest));
> | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> In function ‘strncpy’,
> inlined from ‘parse_content_ncx’ at ncx.c:232:13:
> /usr/include/x86_64-linux-gnu/bits/string_fortified.h:91:10: warning: ‘__builtin_strncpy’ specified bound 256 equals destination size [-Wstringop-truncation]
> 91 | return __builtin___strncpy_chk (__dest, __src, __len, __bos (__dest));
> | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> In function ‘strncpy’,
> inlined from ‘parse_ncx’ at ncx.c:294:13:
> /usr/include/x86_64-linux-gnu/bits/string_fortified.h:91:10: warning: ‘__builtin_strncpy’ specified bound 256 equals destination size [-Wstringop-truncation]
> 91 | return __builtin___strncpy_chk (__dest, __src, __len, __bos (__dest));
> | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> In file included from /usr/include/string.h:519,
> from daisy.h:21,
> from opf.c:20:
> In function ‘strncpy’,
> inlined from ‘parse_smil_opf’ at opf.c:144:10:
> /usr/include/x86_64-linux-gnu/bits/string_fortified.h:91:10: warning: ‘__builtin_strncpy’ specified bound 256 equals destination size [-Wstringop-truncation]
> 91 | return __builtin___strncpy_chk (__dest, __src, __len, __bos (__dest));
> | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> gcc -DHAVE_CONFIG_H -I. -I.. -Wdate-time -D_FORTIFY_SOURCE=2 -I . -I /usr/include/cdio/ -I /usr/include/cdio/paranoia/ -I /usr/include/libxml2/ -D LOCALEDIR=\"/usr/share/locale\" -Wall -Wextra -Wunused -Wunused-variable -Wunused-function -Wmissing-declarations -g -I /usr/include/libxml2/ -O3 -Wuninitialized -Winit-self -DPROGRAMNAME_LOCALEDIR=\"\" -g -O2 -ffile-prefix-map=/<<PKGBUILDDIR>>=. -fstack-protector-strong -Wformat -Werror=format-security -Wall -I/usr/include/libxml2 -c -o madplay/madplay.o madplay/madplay.c
> gcc -DHAVE_CONFIG_H -I. -I.. -Wdate-time -D_FORTIFY_SOURCE=2 -I . -I /usr/include/cdio/ -I /usr/include/cdio/paranoia/ -I /usr/include/libxml2/ -D LOCALEDIR=\"/usr/share/locale\" -Wall -Wextra -Wunused -Wunused-variable -Wunused-function -Wmissing-declarations -g -I /usr/include/libxml2/ -O3 -Wuninitialized -Winit-self -DPROGRAMNAME_LOCALEDIR=\"\" -g -O2 -ffile-prefix-map=/<<PKGBUILDDIR>>=. -fstack-protector-strong -Wformat -Werror=format-security -Wall -I/usr/include/libxml2 -c -o madplay/audio.o madplay/audio.c
> gcc -DHAVE_CONFIG_H -I. -I.. -Wdate-time -D_FORTIFY_SOURCE=2 -I . -I /usr/include/cdio/ -I /usr/include/cdio/paranoia/ -I /usr/include/libxml2/ -D LOCALEDIR=\"/usr/share/locale\" -Wall -Wextra -Wunused -Wunused-variable -Wunused-function -Wmissing-declarations -g -I /usr/include/libxml2/ -O3 -Wuninitialized -Winit-self -DPROGRAMNAME_LOCALEDIR=\"\" -g -O2 -ffile-prefix-map=/<<PKGBUILDDIR>>=. -fstack-protector-strong -Wformat -Werror=format-security -Wall -I/usr/include/libxml2 -c -o madplay/crc.o madplay/crc.c
> gcc -DHAVE_CONFIG_H -I. -I.. -Wdate-time -D_FORTIFY_SOURCE=2 -I . -I /usr/include/cdio/ -I /usr/include/cdio/paranoia/ -I /usr/include/libxml2/ -D LOCALEDIR=\"/usr/share/locale\" -Wall -Wextra -Wunused -Wunused-variable -Wunused-function -Wmissing-declarations -g -I /usr/include/libxml2/ -O3 -Wuninitialized -Winit-self -DPROGRAMNAME_LOCALEDIR=\"\" -g -O2 -ffile-prefix-map=/<<PKGBUILDDIR>>=. -fstack-protector-strong -Wformat -Werror=format-security -Wall -I/usr/include/libxml2 -c -o madplay/version.o madplay/version.c
> gcc -DHAVE_CONFIG_H -I. -I.. -Wdate-time -D_FORTIFY_SOURCE=2 -I . -I /usr/include/cdio/ -I /usr/include/cdio/paranoia/ -I /usr/include/libxml2/ -D LOCALEDIR=\"/usr/share/locale\" -Wall -Wextra -Wunused -Wunused-variable -Wunused-function -Wmissing-declarations -g -I /usr/include/libxml2/ -O3 -Wuninitialized -Winit-self -DPROGRAMNAME_LOCALEDIR=\"\" -g -O2 -ffile-prefix-map=/<<PKGBUILDDIR>>=. -fstack-protector-strong -Wformat -Werror=format-security -Wall -I/usr/include/libxml2 -c -o madplay/tag.o madplay/tag.c
> gcc -DHAVE_CONFIG_H -I. -I.. -Wdate-time -D_FORTIFY_SOURCE=2 -I . -I /usr/include/cdio/ -I /usr/include/cdio/paranoia/ -I /usr/include/libxml2/ -D LOCALEDIR=\"/usr/share/locale\" -Wall -Wextra -Wunused -Wunused-variable -Wunused-function -Wmissing-declarations -g -I /usr/include/libxml2/ -O3 -Wuninitialized -Winit-self -DPROGRAMNAME_LOCALEDIR=\"\" -g -O2 -ffile-prefix-map=/<<PKGBUILDDIR>>=. -fstack-protector-strong -Wformat -Werror=format-security -Wall -I/usr/include/libxml2 -c -o madplay/player.o madplay/player.c
> madplay/player.c: In function ‘decode_output’:
> madplay/player.c:630:9: warning: taking the absolute value of unsigned type ‘unsigned int’ has no effect [-Wabsolute-value]
> 630 | if (abs(output->speed_out - output->speed_in) <
> | ^~~
> gcc -DHAVE_CONFIG_H -I. -I.. -Wdate-time -D_FORTIFY_SOURCE=2 -I . -I /usr/include/cdio/ -I /usr/include/cdio/paranoia/ -I /usr/include/libxml2/ -D LOCALEDIR=\"/usr/share/locale\" -Wall -Wextra -Wunused -Wunused-variable -Wunused-function -Wmissing-declarations -g -I /usr/include/libxml2/ -O3 -Wuninitialized -Winit-self -DPROGRAMNAME_LOCALEDIR=\"\" -g -O2 -ffile-prefix-map=/<<PKGBUILDDIR>>=. -fstack-protector-strong -Wformat -Werror=format-security -Wall -I/usr/include/libxml2 -c -o madplay/audio_wave.o madplay/audio_wave.c
> gcc -DHAVE_CONFIG_H -I. -I.. -Wdate-time -D_FORTIFY_SOURCE=2 -I . -I /usr/include/cdio/ -I /usr/include/cdio/paranoia/ -I /usr/include/libxml2/ -D LOCALEDIR=\"/usr/share/locale\" -Wall -Wextra -Wunused -Wunused-variable -Wunused-function -Wmissing-declarations -g -I /usr/include/libxml2/ -O3 -Wuninitialized -Winit-self -DPROGRAMNAME_LOCALEDIR=\"\" -g -O2 -ffile-prefix-map=/<<PKGBUILDDIR>>=. -fstack-protector-strong -Wformat -Werror=format-security -Wall -I/usr/include/libxml2 -c -o madplay/resample.o madplay/resample.c
> gcc -DHAVE_CONFIG_H -I. -I.. -Wdate-time -D_FORTIFY_SOURCE=2 -I . -I /usr/include/cdio/ -I /usr/include/cdio/paranoia/ -I /usr/include/libxml2/ -D LOCALEDIR=\"/usr/share/locale\" -Wall -Wextra -Wunused -Wunused-variable -Wunused-function -Wmissing-declarations -g -I /usr/include/libxml2/ -O3 -Wuninitialized -Winit-self -DPROGRAMNAME_LOCALEDIR=\"\" -g -O2 -ffile-prefix-map=/<<PKGBUILDDIR>>=. -fstack-protector-strong -Wformat -Werror=format-security -Wall -I/usr/include/libxml2 -c -o madplay/rgain.o madplay/rgain.c
> gcc -DHAVE_CONFIG_H -I. -I.. -Wdate-time -D_FORTIFY_SOURCE=2 -I . -I /usr/include/cdio/ -I /usr/include/cdio/paranoia/ -I /usr/include/libxml2/ -D LOCALEDIR=\"/usr/share/locale\" -Wall -Wextra -Wunused -Wunused-variable -Wunused-function -Wmissing-declarations -g -I /usr/include/libxml2/ -O3 -Wuninitialized -Winit-self -DPROGRAMNAME_LOCALEDIR=\"\" -g -O2 -ffile-prefix-map=/<<PKGBUILDDIR>>=. -fstack-protector-strong -Wformat -Werror=format-security -Wall -I/usr/include/libxml2 -c -o madplay/filter.o madplay/filter.c
> gcc -DHAVE_CONFIG_H -I. -I.. -Wdate-time -D_FORTIFY_SOURCE=2 -I . -I /usr/include/cdio/ -I /usr/include/cdio/paranoia/ -I /usr/include/libxml2/ -D LOCALEDIR=\"/usr/share/locale\" -Wall -Wextra -Wunused -Wunused-variable -Wunused-function -Wmissing-declarations -g -I /usr/include/libxml2/ -O3 -Wuninitialized -Winit-self -DPROGRAMNAME_LOCALEDIR=\"\" -g -O2 -ffile-prefix-map=/<<PKGBUILDDIR>>=. -fstack-protector-strong -Wformat -Werror=format-security -Wall -I/usr/include/libxml2 -c -o madplay/audio_cdda.o madplay/audio_cdda.c
> gcc -DHAVE_CONFIG_H -I. -I.. -Wdate-time -D_FORTIFY_SOURCE=2 -I . -I /usr/include/cdio/ -I /usr/include/cdio/paranoia/ -I /usr/include/libxml2/ -D LOCALEDIR=\"/usr/share/locale\" -Wall -Wextra -Wunused -Wunused-variable -Wunused-function -Wmissing-declarations -g -I /usr/include/libxml2/ -O3 -Wuninitialized -Winit-self -DPROGRAMNAME_LOCALEDIR=\"\" -g -O2 -ffile-prefix-map=/<<PKGBUILDDIR>>=. -fstack-protector-strong -Wformat -Werror=format-security -Wall -I/usr/include/libxml2 -c -o pactl/src/core-util.o pactl/src/core-util.c
> gcc -DHAVE_CONFIG_H -I. -I.. -Wdate-time -D_FORTIFY_SOURCE=2 -I . -I /usr/include/cdio/ -I /usr/include/cdio/paranoia/ -I /usr/include/libxml2/ -D LOCALEDIR=\"/usr/share/locale\" -Wall -Wextra -Wunused -Wunused-variable -Wunused-function -Wmissing-declarations -g -I /usr/include/libxml2/ -O3 -Wuninitialized -Winit-self -DPROGRAMNAME_LOCALEDIR=\"\" -g -O2 -ffile-prefix-map=/<<PKGBUILDDIR>>=. -fstack-protector-strong -Wformat -Werror=format-security -Wall -I/usr/include/libxml2 -c -o pactl/src/strbuf.o pactl/src/strbuf.c
> In function ‘strncpy’,
> inlined from ‘main’ at daisy-player.c:2557:7:
> /usr/include/x86_64-linux-gnu/bits/string_fortified.h:91:10: warning: ‘__builtin_strncpy’ output may be truncated copying 255 bytes from a string of length 255 [-Wstringop-truncation]
> 91 | return __builtin___strncpy_chk (__dest, __src, __len, __bos (__dest));
> | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> gcc -DHAVE_CONFIG_H -I. -I.. -Wdate-time -D_FORTIFY_SOURCE=2 -I . -I /usr/include/cdio/ -I /usr/include/cdio/paranoia/ -I /usr/include/libxml2/ -D LOCALEDIR=\"/usr/share/locale\" -Wall -Wextra -Wunused -Wunused-variable -Wunused-function -Wmissing-declarations -g -I /usr/include/libxml2/ -O3 -Wuninitialized -Winit-self -DPROGRAMNAME_LOCALEDIR=\"\" -g -O2 -ffile-prefix-map=/<<PKGBUILDDIR>>=. -fstack-protector-strong -Wformat -Werror=format-security -Wall -I/usr/include/libxml2 -c -o pactl/src/pactl.o pactl/src/pactl.c
> cc1: some warnings being treated as errors
> make[4]: *** [Makefile:525: daisy-player.o] Error 1
The full build log is available from:
http://qa-logs.debian.net/2021/10/23/daisy-player_12.1-1_unstable.log
A list of current common problems and possible solutions is available at
http://wiki.debian.org/qa.debian.org/FTBFS . You're welcome to contribute!
If you reassign this bug to another package, please marking it as 'affects'-ing
this package. See https://www.debian.org/Bugs/server-control#affects
If you fail to reproduce this, please provide a build log and diff it with mine
so that we can identify if something relevant changed in the meantime.
More information about the Pkg-a11y-devel
mailing list