LonnyGomes / hexcurse

Hexcurse is a ncurses-based console hexeditor written in C

src/screen.c: always use "%s"-style format for printf()-style functions #40

Open trofi opened 3 years ago

trofi commented 3 years ago

ncurses-6.3 added printf-style function attributes and now makes it easier to catch cases when user input is used in place of a format string when built with CFLAGS=-Werror=format-security:

screen.c:495:5: error: format not a string literal and no format arguments [-Werror=format-security]
  495 |     mvwprintw(tmpwin,2,3, msg);
      |     ^~~~~~~~~

Let's wrap all the missing places with "%s" format.
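The pattern this pull request changes, as an added example that is not code from hexcurse or from the pull request. `buf_printw`, `show_msg` and `show_msg_unsafe` are hypothetical names; `buf_printw` stands in for `mvwprintw()` and writes to a buffer so the example builds without ncurses.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for mvwprintw(): formats into a buffer instead of a
 * curses window. The format attribute lets the compiler check every caller,
 * which is what ncurses 6.3 added to its own printf-style functions. */
__attribute__((format(printf, 3, 4)))
static int buf_printw(char *out, size_t n, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int r = vsnprintf(out, n, fmt, ap);
    va_end(ap);
    return r;
}

#ifdef SHOW_UNSAFE
/* Rejected pattern: msg is parsed as a format string, so any '%' directive
 * in it reads (or, with %n, writes through) arguments that were never passed.
 * Compiled only on request so the default build stays clean. */
static int show_msg_unsafe(char *out, size_t n, const char *msg)
{
    return buf_printw(out, n, msg);
}
#endif

/* Corrected pattern: "%s" is the only format, msg is plain data. */
static int show_msg(char *out, size_t n, const char *msg)
{
    return buf_printw(out, n, "%s", msg);
}

int main(void)
{
    char line[64];
    /* Constructed input: a message that happens to contain directives. */
    int len = show_msg(line, sizeof line, "file 100%s%n saved");
    printf("%d bytes: %s\n", len, line);
    return 0;
}
```

Building with `-DSHOW_UNSAFE -Wformat -Werror=format-security` makes the compiler reject `show_msg_unsafe` with the same kind of diagnostic as the one quoted above.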

3mb3dw0rk5 commented 2 years ago

Great. Is this project still maintained? This fix is actually needed to build in latest rolling release distributions.

prso commented 2 years ago

I compiled improvements and fixes from others and from myself in my fork.

Unfortunately the pull requests I sent were not merged into upstream.

Feel free to convince the distributors to include all these changes. Thanks.

P.S. I have merged this pull into my fork (master branch), thanks trofi.