stransky / berusky2

Berusky 2 (Bugs Escape 3D) is a game that challenges your visual/spatial thinking and ability to find a way to resolve a logic task. Using five bugs, you'll go through an adventure full of various puzzles spread across nine episodes. Individual episodes differ in appearance and difficulty, which increases throughout the game.
http://anakreon.cz/en/Berusky2.htm
GNU General Public License v3.0

Fix format not a string literal error #14

Closed apoleon closed 11 years ago

apoleon commented 11 years ago

In Debian, the attached patch was applied to achieve the following:

Prevent Berusky2 from failing to build from source. The Debian package uses gcc's hardening build flags -Wformat -Wformat-security -Werror=format-security.

Quote from the gcc man page:

If -Wformat is specified, also warn about uses of format functions that represent possible security problems. At present, this warns about calls to printf and scanf functions where the format string is not a string literal and there are no format arguments, as in printf (foo);. This may be a security hole if the format string came from untrusted input and contains %n.

See also:

https://wiki.debian.org/Hardening#gcc_-Wformat_-Wformat-security

Thanks for considering the patch.

https://gist.github.com/apoleon/6356888
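The pattern that -Wformat-security flags, next to the accepted form, as an added example that is not part of the original comment and is not Berusky2 code. The wrapper `log_line`, the helpers `log_text_flagged` and `log_text`, and the macro `SHOW_FLAGGED_CALL` are hypothetical names; the sample string is constructed.

```c
/* Added example: hypothetical logging wrapper, not code from Berusky2. */
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* The format attribute tells gcc that argument 3 is a printf-style format,
 * so -Wformat-security also checks every caller of this wrapper. */
__attribute__((format(printf, 3, 4)))
static int log_line(char *dst, size_t cap, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(dst, cap, fmt, ap);
    va_end(ap);
    return n;
}

#ifdef SHOW_FLAGGED_CALL
/* Flagged form: the format is not a string literal and there are no format
 * arguments, so any conversion inside `text` would be interpreted. */
static int log_text_flagged(char *dst, size_t cap, const char *text)
{
    return log_line(dst, cap, text);
}
#endif

/* Accepted form: the format is a literal and `text` is passed only as data. */
static int log_text(char *dst, size_t cap, const char *text)
{
    return log_line(dst, cap, "%s", text);
}

int main(void)
{
    /* Constructed sample: text that happens to contain conversions. */
    const char *text = "level %n %s 100%%";
    char out[64];
    int n = log_text(out, sizeof out, text);
    printf("%d bytes: %s\n", n, out);
    /* Exit status 0 when the text was copied verbatim. */
    return strcmp(out, text) != 0;
}
```

Building with `-DSHOW_FLAGGED_CALL` together with the flags quoted above makes gcc reject the call in `log_text_flagged`, while the default build compiles cleanly.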

stransky commented 11 years ago

Added to git, thanks!