williamweston / phasex

PHASEX is an experimental MIDI softsynth for Linux/ALSA/JACK with a synth engine built around flexible phase modulation and flexible oscillator/LFO sources. Modulations include AM, FM, offset PM, and wave select. PHASEX comes equipped with multiple filter types and modes, a stereo crossover delay and chorus with phaser, ADSR envelopes for amplifier and filter, realtime audio input processing capabilities, and more.

Fail to build with -Werror=format-security #3

Closed alessio closed 11 years ago

alessio commented 11 years ago

Hi,

On Debian, phasex's latest release fails to compile, as we usually enable some hardened flags during the build. A patch for src/alsa_seq.c follows:

--- phasex.orig/src/alsa_seq.c
+++ phasex/src/alsa_seq.c
@@ -65,7 +65,7 @@ alsa_error_handler(const char *file, int
 {
        PHASEX_ERROR("Unhandled ALSA error %d in function %s from file %s line %d:\n",
                     err, func, file, line);
-       PHASEX_ERROR(fmt);
+       PHASEX_ERROR("%s", fmt);
 }
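
Review bot: On the changed line, passing fmt through "%s" prints the handler's format text verbatim, so any conversion specifiers in fmt reach the log unexpanded (a message written as "... %s" shows a literal %s). Removing the uncontrolled format string is the right priority, but if this handler also receives the arguments that belong to fmt (the parameter list is cut off in the hunk header), consider formatting them with vsnprintf into a local buffer and passing that buffer to PHASEX_ERROR("%s", buf) so the diagnostic keeps its detail.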

Thanks for considering.

PS: I just had a quick look at the code, so there might be many more lines to be fixed.

alessio commented 11 years ago

The complete patch follows:

--- phasex.orig/src/alsa_seq.c
+++ phasex/src/alsa_seq.c
@@ -65,7 +65,7 @@ alsa_error_handler(const char *file, int
 {
        PHASEX_ERROR("Unhandled ALSA error %d in function %s from file %s line %d:\n",
                     err, func, file, line);
-       PHASEX_ERROR(fmt);
+       PHASEX_ERROR("%s", fmt);
 }
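
Review bot: The added PHASEX_ERROR("%s", fmt) emits no line terminator of its own, while the message just above it ends in ":\n". Unless fmt is known to end with a newline, "%s\n" would keep the next log entry from running onto this line.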

--- phasex.orig/src/debug.c
+++ phasex/src/debug.c
@@ -92,7 +92,7 @@ phasex_debug_thread(void *UNUSED(arg))
                usleep(16000 >> PHASEX_CPU_POWER);
                while (main_debug_queue.read_index !=
                       g_atomic_int_get(& (main_debug_queue.write_index))) {
-                       fprintf(stderr, (char *)(main_debug_queue.msgs
+                       fprintf(stderr, "%s", (char *)(main_debug_queue.msgs
                                                 [main_debug_queue.read_index].msg));
                        main_debug_queue.read_index =
                                (main_debug_queue.read_index + 1) & DEBUG_BUFFER_MASK;
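
Review bot: In the while loop, fprintf(stderr, "%s", ...) is only copying a finished string to stderr; fputs(..., stderr) does the same with no format parsing at all and cannot drift back into a format-string call later. The continuation line holding [main_debug_queue.read_index].msg is also still aligned to the old argument column and could be re-indented together with the changed line.
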
--- phasex.orig/src/phasex.c
+++ phasex/src/phasex.c
@@ -391,7 +391,7 @@ phasex_shutdown(const char *msg)
 {
        /* output message from caller */
        if (msg != NULL) {
-               fprintf(stderr, msg);
+               fprintf(stderr, "%s", msg);
        }

        /* keep current midi port settings. */
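
Review bot: With this change in phasex_shutdown, msg is printed as plain text instead of being interpreted as a format, so a caller that passes an escaped "%%" will now get both percent signs in the output. It is worth checking the call sites for that, and stating in the function comment that msg is a literal message and not a format string, so that fprintf(stderr, msg) is not reintroduced later.
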
williamweston commented 11 years ago

Thank you! This has been applied as a hot-fix to the v0.14.97 branch. To avoid this issue in the future, '-Werror=format-security' has been added for debug builds.
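
Added example, not part of the thread or of PHASEX's code: the difference between printing a handler's fmt through "%s", as the alsa_seq.c fix does, and expanding it with the arguments it was written for. It assumes a variadic handler in the style of ALSA's snd_lib_error_handler_t; log_verbatim, log_expanded and the sample message are hypothetical.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helpers modelled on a variadic error handler:
 * fmt is a printf-style format and its arguments follow as varargs. */

/* The patched approach: fmt is treated as plain data. Safe, but any
 * conversion specifiers in fmt are printed literally. */
int log_verbatim(char *out, size_t n, const char *fmt)
{
    return snprintf(out, n, "%s", fmt);
}

/* Forwarding approach: fmt stays a format string, but it is paired with
 * the va_list it was written for. The attribute (GCC/Clang) lets
 * -Wformat check callers of this function as well. */
__attribute__((format(printf, 3, 4)))
int log_expanded(char *out, size_t n, const char *fmt, ...)
{
    va_list ap;
    int len;

    va_start(ap, fmt);
    len = vsnprintf(out, n, fmt, ap);   /* bounded: never writes past out[n-1] */
    va_end(ap);
    return len;                         /* length the full message would need */
}

int main(void)
{
    char buf[128];

    /* Constructed sample message, not taken from ALSA or PHASEX. */
    log_verbatim(buf, sizeof buf, "cannot open port %s (client %d)");
    printf("verbatim: %s\n", buf);

    log_expanded(buf, sizeof buf, "cannot open port %s (client %d)", "midi0", 128);
    printf("expanded: %s\n", buf);
    return 0;
}
```

Neither variant ever passes caller-supplied text as the format argument without its matching arguments, which is the pattern -Werror=format-security rejects.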