search

DGA-MI-SSI / YaCo

YaCo is an Hex-Rays IDA plugin. When enabled, multiple users can work simultaneously on the same binary. Any modification done by any user is synchronized through git version control.
GNU General Public License v3.0
313 stars 36 forks source link

Error when compiling #48

Closed soggysec closed 6 years ago

soggysec commented 6 years ago

YaCo fails to build with a format-security error.

Scanning dependencies of target yatools
[ 85%] Building CXX object CMakeFiles/yatools.dir/home/user/git/YaCo/YaLibs/YaToolsLib/XmlAccept.cpp.o
[ 85%] Building CXX object CMakeFiles/yatools.dir/home/user/git/YaCo/YaLibs/YaToolsLib/XmlVisitor.cpp.o
[ 85%] Building CXX object CMakeFiles/yatools.dir/home/user/git/YaCo/YaLibs/YaToolsLib/Configuration.cpp.o
[ 85%] Building CXX object CMakeFiles/yatools.dir/home/user/git/YaCo/YaLibs/YaToolsLib/Git.cpp.o
/home/user/git/YaCo/YaLibs/YaToolsLib/Git.cpp: In instantiation of ‘std::__cxx11::string {anonymous}::format_string(const char*, const Args ...) [with Args = {}; std::__cxx11::string = std::__cxx11::basic_string<char>]’:
/home/user/git/YaCo/YaLibs/YaToolsLib/Git.cpp:135:29:   required from ‘std::__cxx11::string {anonymous}::format_last_git_error(const char*, const Args ...) [with Args = {}; std::__cxx11::string = std::__cxx11::basic_string<char>]’
/home/user/git/YaCo/YaLibs/YaToolsLib/Git.cpp:141:52:   required from ‘void {anonymous}::fail_with({anonymous}::Git&, const char*, const Args ...) [with Args = {}]’
/home/user/git/YaCo/YaLibs/YaToolsLib/Git.cpp:155:13:   required from here
/home/user/git/YaCo/YaLibs/YaToolsLib/Git.cpp:123:40: error: format not a string literal and no format arguments [-Werror=format-security]
         const auto size = std::snprintf(nullptr, 0, fmt, args...);
                           ~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~
/home/user/git/YaCo/YaLibs/YaToolsLib/Git.cpp:125:22: error: format not a string literal and no format arguments [-Werror=format-security]
         std::snprintf(&buffer[0], size + 1, fmt, args...);
         ~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
cc1plus: all warnings being treated as errors
CMakeFiles/yatools.dir/build.make:191: recipe for target 'CMakeFiles/yatools.dir/home/user/git/YaCo/YaLibs/YaToolsLib/Git.cpp.o' failed
make[2]: *** [CMakeFiles/yatools.dir/home/user/git/YaCo/YaLibs/YaToolsLib/Git.cpp.o] Error 1
make[2]: *** Waiting for unfinished jobs....
CMakeFiles/Makefile2:1316: recipe for target 'CMakeFiles/yatools.dir/all' failed
make[1]: *** [CMakeFiles/yatools.dir/all] Error 2
Makefile:94: recipe for target 'all' failed
make: *** [all] Error 2
bamiaux commented 6 years ago

Sorrry, please use & build https://github.com/DGA-MI-SSI/YaCo/tree/issue_48 until it's fixed in the master branch

soggysec commented 6 years ago

Thanks, though we should probably consider format-security warnings as serious potentials for bugs

bamiaux commented 6 years ago

I agree, but in this particular case, the format string is already always statically checked with the macro FAIL_WITH(...) However, I've disabled all format-security warnings, I'll find a way to enable them back later

bamiaux commented 6 years ago

-Wformat-security is enabled again :)