Bug#643386: ghex: FTBFS: ui.c:920:4: error: format not a string literal and no format arguments [-Werror=format-security]

Didier Raboud odyx at debian.org
Tue Sep 27 12:28:02 UTC 2011 

Source: ghex
Version: 2.24.0-1
Severity: serious
Tags: wheezy sid
User: debian-qa at lists.debian.org
Usertags: qa-ftbfs-20110923 qa-ftbfs hardening-format-security hardening
Justification: FTBFS on amd64

Hi,

During a rebuild of all packages in sid, your package failed to build on
amd64.

Relevant part:
> gcc -DHAVE_CONFIG_H -I. -I.. -DGNOMEICONDIR=\""/usr/share/pixmaps"\" -DGNOMELOCALEDIR=\""/usr/share/locale"\" -DLOCALEDIR=\"/usr/share/locale\" -DDATADIR=\""/usr/share"\" -DPREFIX=\""/usr"\" -pthread -DORBIT2=1 -D_REENTRANT -I/usr/include/gtk-2.0 -I/usr/lib/x86_64-linux-gnu/gtk-2.0/include -I/usr/include/atk-1.0 -I/usr/include/gdk-pixbuf-2.0 -I/usr/include/pango-1.0 -I/usr/include/pixman-1 -I/usr/include/freetype2 -I/usr/include/libpng12 -I/usr/include/gail-1.0 -I/usr/include/cairo -I/usr/include/gio-unix-2.0/ -I/usr/include/glib-2.0 -I/usr/lib/glib-2.0/include -I/usr/include/libgnomeui-2.0 -I/usr/include/libart-2.0 -I/usr/include/gconf/2 -I/usr/include/gnome-keyring-1 -I/usr/include/libgnome-2.0 -I/usr/include/libbonoboui-2.0 -I/usr/include/libgnomecanvas-2.0 -I/usr/include/gnome-vfs-2.0 -I/usr/lib/gnome-vfs-2.0/include -I/usr/include/orbit-2.0 -I/usr/include/libbonobo-2.0 -I/usr/include/bonobo-activation-2.0 -I/usr/include/libxml2 -I/usr/include/libgnomeprintui-2.2 -I/usr/include/libgnomeprint-2.2   -pthread -I/usr/include/gail-1.0 -I/usr/include/atk-1.0 -I/usr/include/gtk-2.0 -I/usr/lib/x86_64-linux-gnu/gtk-2.0/include -I/usr/include/gdk-pixbuf-2.0 -I/usr/include/pango-1.0 -I/usr/include/pixman-1 -I/usr/include/freetype2 -I/usr/include/libpng12 -I/usr/include/glib-2.0 -I/usr/lib/glib-2.0/include -I/usr/include/cairo -I/usr/include/gio-unix-2.0/       -g -O2 -fstack-protector --param=ssp-buffer-size=4 -D_FORTIFY_SOURCE=2 -Wformat -Wformat-security -Werror=format-security -Wall -c ui.c
> ui.c: In function 'about_response_cb':
> ui.c:239:4: warning: passing argument 1 of 'gtk_widget_destroy' from incompatible pointer type [enabled by default]
> /usr/include/gtk-2.0/gtk/gtkwidget.h:837:9: note: expected 'struct GtkWidget *' but argument is of type 'struct GtkDialog *'
> ui.c: In function 'ghex_print_run_dialog':
> ui.c:864:9: warning: pointer targets in passing argument 2 of 'gnome_print_dialog_new' differ in signedness [-Wpointer-sign]
> /usr/include/libgnomeprintui-2.2/libgnomeprintui/gnome-print-dialog.h:92:13: note: expected 'const guchar *' but argument is of type 'const char *'
> ui.c:875:4: warning: pointer targets in passing argument 5 of 'gnome_print_dialog_construct_range_page' differ in signedness [-Wpointer-sign]
> /usr/include/libgnomeprintui-2.2/libgnomeprintui/gnome-print-dialog.h:100:6: note: expected 'const guchar *' but argument is of type 'char *'
> ui.c:875:4: warning: pointer targets in passing argument 6 of 'gnome_print_dialog_construct_range_page' differ in signedness [-Wpointer-sign]
> /usr/include/libgnomeprintui-2.2/libgnomeprintui/gnome-print-dialog.h:100:6: note: expected 'const guchar *' but argument is of type 'char *'
> ui.c: In function 'ghex_print_preview_real':
> ui.c:902:2: warning: pointer targets in passing argument 2 of 'gnome_print_job_preview_new' differ in signedness [-Wpointer-sign]
> /usr/include/libgnomeprintui-2.2/libgnomeprintui/gnome-print-job-preview.h:48:13: note: expected 'const guchar *' but argument is of type 'gchar *'
> ui.c: In function 'display_error_dialog':
> ui.c:920:4: error: format not a string literal and no format arguments [-Werror=format-security]
> ui.c: In function 'display_info_dialog':
> ui.c:945:4: error: format not a string literal and no format arguments [-Werror=format-security]
> cc1: some warnings being treated as errors
> 
> make[4]: *** [ui.o] Error 1

The full build log is available from:
   http://people.debian.org/~lucas/logs/2011/09/23/ghex_2.24.0-1_lsid64.buildlog

This happened because since dpkg 1.16.0 [0], hardening flags are enabled 
under various conditions.

[0] http://lists.debian.org/debian-devel-announce/2011/09/msg00001.html

A list of current common problems and possible solutions is available at 
http://wiki.debian.org/qa.debian.org/FTBFS . You're welcome to contribute!

About the archive rebuild: The rebuild was done on about 50 AMD64 nodes
of the Grid'5000 platform, using a clean chroot.  Internet was not
accessible from the build systems.

More information about the pkg-gnome-maintainers mailing list