Bug#643419: libcroco: FTBFS: cr-statement.c:2614:17: error: format not a string literal and no format arguments [-Werror=format-security]

Didier Raboud odyx at debian.org
Tue Sep 27 12:32:02 UTC 2011 

Source: libcroco
Version: 0.6.2-1
Severity: serious
Tags: wheezy sid
User: debian-qa at lists.debian.org
Usertags: qa-ftbfs-20110923 qa-ftbfs hardening-format-security hardening
Justification: FTBFS on amd64

Hi,

During a rebuild of all packages in sid, your package failed to build on
amd64.

Relevant part:
>  gcc -DHAVE_CONFIG_H -I. -I.. -I.. -I../intl -I ../src -I/usr/include/glib-2.0 -I/usr/lib/glib-2.0/include -I/usr/include/libxml2 -g -O2 -fstack-protector --param=ssp-buffer-size=4 -D_FORTIFY_SOURCE=2 -Wformat -Wformat-security -Werror=format-security -Wall -Wall -c cr-statement.c  -fPIC -DPIC -o .libs/cr-statement.o
> cr-statement.c: In function 'cr_statement_ruleset_to_string':
> cr-statement.c:603:25: warning: pointer targets in assignment differ in signedness [-Wpointer-sign]
> cr-statement.c:614:25: warning: pointer targets in assignment differ in signedness [-Wpointer-sign]
> cr-statement.c: In function 'cr_statement_font_face_rule_to_string':
> cr-statement.c:670:25: warning: pointer targets in assignment differ in signedness [-Wpointer-sign]
> cr-statement.c: In function 'cr_statement_at_page_rule_to_string':
> cr-statement.c:773:21: warning: pointer targets in assignment differ in signedness [-Wpointer-sign]
> cr-statement.c: In function 'cr_statement_media_rule_to_string':
> cr-statement.c:816:47: warning: pointer targets in initialization differ in signedness [-Wpointer-sign]
> cr-statement.c: In function 'cr_statement_import_rule_to_string':
> cr-statement.c:868:21: warning: pointer targets in assignment differ in signedness [-Wpointer-sign]
> cr-statement.c:906:21: warning: pointer targets in assignment differ in signedness [-Wpointer-sign]
> cr-statement.c:910:9: warning: pointer targets in return differ in signedness [-Wpointer-sign]
> cr-statement.c: In function 'cr_statement_does_buf_parses_against_core':
> cr-statement.c:938:9: warning: pointer targets in passing argument 1 of 'strlen' differ in signedness [-Wpointer-sign]
> /usr/include/string.h:399:15: note: expected 'const char *' but argument is of type 'const guchar *'
> cr-statement.c: In function 'cr_statement_ruleset_parse_from_buf':
> cr-statement.c:1058:9: warning: pointer targets in passing argument 1 of 'strlen' differ in signedness [-Wpointer-sign]
> /usr/include/string.h:399:15: note: expected 'const char *' but argument is of type 'const guchar *'
> cr-statement.c: In function 'cr_statement_at_media_rule_parse_from_buf':
> cr-statement.c:1195:9: warning: pointer targets in passing argument 1 of 'strlen' differ in signedness [-Wpointer-sign]
> /usr/include/string.h:399:15: note: expected 'const char *' but argument is of type 'const guchar *'
> cr-statement.c: In function 'cr_statement_at_import_rule_parse_from_buf':
> cr-statement.c:1381:9: warning: pointer targets in passing argument 1 of 'strlen' differ in signedness [-Wpointer-sign]
> /usr/include/string.h:399:15: note: expected 'const char *' but argument is of type 'const guchar *'
> cr-statement.c:1414:24: warning: variable 'cur' set but not used [-Wunused-but-set-variable]
> cr-statement.c: In function 'cr_statement_at_page_rule_parse_from_buf':
> cr-statement.c:1510:9: warning: pointer targets in passing argument 1 of 'strlen' differ in signedness [-Wpointer-sign]
> /usr/include/string.h:399:15: note: expected 'const char *' but argument is of type 'const guchar *'
> cr-statement.c: In function 'cr_statement_at_charset_rule_parse_from_buf':
> cr-statement.c:1626:9: warning: pointer targets in passing argument 1 of 'strlen' differ in signedness [-Wpointer-sign]
> /usr/include/string.h:399:15: note: expected 'const char *' but argument is of type 'const guchar *'
> cr-statement.c: In function 'cr_statement_font_face_rule_parse_from_buf':
> cr-statement.c:1723:9: warning: pointer targets in passing argument 1 of 'strlen' differ in signedness [-Wpointer-sign]
> /usr/include/string.h:399:15: note: expected 'const char *' but argument is of type 'const guchar *'
> cr-statement.c: In function 'cr_statement_dump_ruleset':
> cr-statement.c:2612:13: warning: pointer targets in assignment differ in signedness [-Wpointer-sign]
> cr-statement.c:2614:17: warning: pointer targets in passing argument 2 of 'fprintf' differ in signedness [-Wpointer-sign]
> /usr/include/x86_64-linux-gnu/bits/stdio2.h:96:1: note: expected 'const char * __restrict__' but argument is of type 'guchar *'
> cr-statement.c:2614:17: error: format not a string literal and no format arguments [-Werror=format-security]
> cr-statement.c: In function 'cr_statement_dump_charset':
> cr-statement.c:2662:13: warning: pointer targets in assignment differ in signedness [-Wpointer-sign]
> cr-statement.c:2665:17: warning: pointer targets in passing argument 2 of 'fprintf' differ in signedness [-Wpointer-sign]
> /usr/include/x86_64-linux-gnu/bits/stdio2.h:96:1: note: expected 'const char * __restrict__' but argument is of type 'guchar *'
> cr-statement.c:2665:17: error: format not a string literal and no format arguments [-Werror=format-security]
> cr-statement.c: In function 'cr_statement_dump_page':
> cr-statement.c:2690:13: warning: pointer targets in assignment differ in signedness [-Wpointer-sign]
> cr-statement.c:2692:17: warning: pointer targets in passing argument 2 of 'fprintf' differ in signedness [-Wpointer-sign]
> /usr/include/x86_64-linux-gnu/bits/stdio2.h:96:1: note: expected 'const char * __restrict__' but argument is of type 'guchar *'
> cr-statement.c:2692:17: error: format not a string literal and no format arguments [-Werror=format-security]
> cr-statement.c: In function 'cr_statement_dump_media_rule':
> cr-statement.c:2718:17: error: format not a string literal and no format arguments [-Werror=format-security]
> cr-statement.c: In function 'cr_statement_dump_import_rule':
> cr-statement.c:2744:17: error: format not a string literal and no format arguments [-Werror=format-security]
> cc1: some warnings being treated as errors
> 
> make[3]: *** [cr-statement.lo] Error 1

The full build log is available from:
   http://people.debian.org/~lucas/logs/2011/09/23/libcroco_0.6.2-1_lsid64.buildlog

This happened because since dpkg 1.16.0 [0], hardening flags are enabled 
under various conditions.

[0] http://lists.debian.org/debian-devel-announce/2011/09/msg00001.html

A list of current common problems and possible solutions is available at 
http://wiki.debian.org/qa.debian.org/FTBFS . You're welcome to contribute!

About the archive rebuild: The rebuild was done on about 50 AMD64 nodes
of the Grid'5000 platform, using a clean chroot.  Internet was not
accessible from the build systems.

More information about the pkg-gnome-maintainers mailing list