diff options
author | Khem Raj <raj.khem@gmail.com> | 2016-08-14 22:04:32 -0700 |
---|---|---|
committer | Martin Jansa <Martin.Jansa@gmail.com> | 2016-08-22 15:49:23 +0200 |
commit | 30eb09f3bbb9583a4e7181858488f6259f4b381e (patch) | |
tree | 09c1f1f6cf13f5a42a308876773388658c430bdc /meta-oe | |
parent | 46248dca3c3ab7f9deff5ac007dcc028cee1d13f (diff) | |
download | meta-openembedded-30eb09f3bbb9583a4e7181858488f6259f4b381e.tar.gz |
libgphoto2: Fix build when security flags are enabled with clang
clang is more pedantic and throws below errors
../../libgphoto2-2.5.8/camlibs/ptp2/chdk.c:1131:14: error: format string is not a string literal (potentially insecure) [-Werror,-Wformat-security]
sprintf(lua,luascript); /* This expands the %q inside the string too ... do not optimize away. */
^~~~~~~~~
Backport a patch to silence the warnings where it avoids
the use of sprintf all the way
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Diffstat (limited to 'meta-oe')
-rw-r--r-- | meta-oe/recipes-graphics/gphoto2/libgphoto2-2.5.8/avoid_using_sprintf.patch | 133 | ||||
-rw-r--r-- | meta-oe/recipes-graphics/gphoto2/libgphoto2_2.5.8.bb | 1 |
2 files changed, 134 insertions, 0 deletions
diff --git a/meta-oe/recipes-graphics/gphoto2/libgphoto2-2.5.8/avoid_using_sprintf.patch b/meta-oe/recipes-graphics/gphoto2/libgphoto2-2.5.8/avoid_using_sprintf.patch new file mode 100644 index 000000000..fba4c6964 --- /dev/null +++ b/meta-oe/recipes-graphics/gphoto2/libgphoto2-2.5.8/avoid_using_sprintf.patch | |||
@@ -0,0 +1,133 @@ | |||
1 | From 4adfe5a6c9db07537df302f3c17713515bf23a2e Mon Sep 17 00:00:00 2001 | ||
2 | From: Marcus Meissner <marcus@jet.franken.de> | ||
3 | Date: Sat, 11 Jul 2015 09:38:13 +0000 | ||
4 | Subject: [PATCH] avoid use of sprintf to convert %% to %, duplicate the macro | ||
5 | |||
6 | git-svn-id: https://svn.code.sf.net/p/gphoto/code/trunk/libgphoto2@15490 67ed7778-7388-44ab-90cf-0a291f65f57c | ||
7 | --- | ||
8 | camlibs/ptp2/chdk.c | 8 ++--- | ||
9 | camlibs/ptp2/chdk_ptp.h | 82 +++++++++++++++++++++++++++++++++++++++++++++++++ | ||
10 | 2 files changed, 84 insertions(+), 6 deletions(-) | ||
11 | |||
12 | diff --git a/camlibs/ptp2/chdk.c b/camlibs/ptp2/chdk.c | ||
13 | index 5fb84ea..3b8a995 100644 | ||
14 | --- a/camlibs/ptp2/chdk.c | ||
15 | +++ b/camlibs/ptp2/chdk.c | ||
16 | @@ -1119,18 +1119,14 @@ chdk_camera_capture (Camera *camera, CameraCaptureType type, CameraFilePath *pat | ||
17 | int ret, retint; | ||
18 | char *table, *s; | ||
19 | PTPParams *params = &camera->pl->params; | ||
20 | - char *lua; | ||
21 | - const char *luascript = PTP_CHDK_LUA_SERIALIZE_MSGS \ | ||
22 | + const char *luascript = PTP_CHDK_LUA_SERIALIZE_MSGS_SIMPLEQUOTE \ | ||
23 | PTP_CHDK_LUA_RLIB_SHOOT \ | ||
24 | "return rlib_shoot({info=true});\n"; | ||
25 | |||
26 | ret = camera_prepare_chdk_capture(camera, context); | ||
27 | if (ret != GP_OK) return ret; | ||
28 | |||
29 | - lua = malloc(strlen(luascript)+1); | ||
30 | - sprintf(lua,luascript); /* This expands the %q inside the string too ... do not optimize away. */ | ||
31 | - ret = chdk_generic_script_run (params, lua, &table, &retint, context); | ||
32 | - free (lua); | ||
33 | + ret = chdk_generic_script_run (params, luascript, &table, &retint, context); | ||
34 | GP_LOG_D("rlib_shoot returned table %s, retint %d\n", table, retint); | ||
35 | s = strstr(table, "exp="); | ||
36 | if (s) { | ||
37 | diff --git a/camlibs/ptp2/chdk_ptp.h b/camlibs/ptp2/chdk_ptp.h | ||
38 | index d11e0b7..65dcfd7 100644 | ||
39 | --- a/camlibs/ptp2/chdk_ptp.h | ||
40 | +++ b/camlibs/ptp2/chdk_ptp.h | ||
41 | @@ -198,10 +198,92 @@ function serialize(v,opts)\n\ | ||
42 | return table.concat(r)\n\ | ||
43 | end\n" | ||
44 | |||
45 | +#define PTP_CHDK_LUA_SERIALIZE_SIMPLEQUOTE "\n\ | ||
46 | +serialize_r = function(v,opts,r,seen,depth)\n\ | ||
47 | + local vt = type(v)\n\ | ||
48 | + if vt == 'nil' or vt == 'boolean' or vt == 'number' then\n\ | ||
49 | + table.insert(r,tostring(v))\n\ | ||
50 | + return\n\ | ||
51 | + end\n\ | ||
52 | + if vt == 'string' then\n\ | ||
53 | + table.insert(r,string.format('%q',v))\n\ | ||
54 | + return\n\ | ||
55 | + end\n\ | ||
56 | + if vt == 'table' then\n\ | ||
57 | + if not depth then\n\ | ||
58 | + depth = 1\n\ | ||
59 | + end\n\ | ||
60 | + if depth >= opts.maxdepth then\n\ | ||
61 | + error('serialize: max depth')\n\ | ||
62 | + end\n\ | ||
63 | + if not seen then\n\ | ||
64 | + seen={}\n\ | ||
65 | + elseif seen[v] then\n\ | ||
66 | + if opts.err_cycle then\n\ | ||
67 | + error('serialize: cycle')\n\ | ||
68 | + else\n\ | ||
69 | + table.insert(r,'\"cycle:'..tostring(v)..'\"')\n\ | ||
70 | + return\n\ | ||
71 | + end\n\ | ||
72 | + end\n\ | ||
73 | + seen[v] = true;\n\ | ||
74 | + table.insert(r,'{')\n\ | ||
75 | + for k,v1 in pairs(v) do\n\ | ||
76 | + if opts.pretty then\n\ | ||
77 | + table.insert(r,'\\n'..string.rep(' ',depth))\n\ | ||
78 | + end\n\ | ||
79 | + if type(k) == 'string' and string.match(k,'^[_%a][%a%d_]*$') then\n\ | ||
80 | + table.insert(r,k)\n\ | ||
81 | + else\n\ | ||
82 | + table.insert(r,'[')\n\ | ||
83 | + serialize_r(k,opts,r,seen,depth+1)\n\ | ||
84 | + table.insert(r,']')\n\ | ||
85 | + end\n\ | ||
86 | + table.insert(r,'=')\n\ | ||
87 | + serialize_r(v1,opts,r,seen,depth+1)\n\ | ||
88 | + table.insert(r,',')\n\ | ||
89 | + end\n\ | ||
90 | + if opts.pretty then\n\ | ||
91 | + table.insert(r,'\\n'..string.rep(' ',depth-1))\n\ | ||
92 | + end\n\ | ||
93 | + table.insert(r,'}')\n\ | ||
94 | + return\n\ | ||
95 | + end\n\ | ||
96 | + if opts.err_type then\n\ | ||
97 | + error('serialize: unsupported type ' .. vt, 2)\n\ | ||
98 | + else\n\ | ||
99 | + table.insert(r,'\"'..tostring(v)..'\"')\n\ | ||
100 | + end\n\ | ||
101 | +end\n\ | ||
102 | +serialize_defaults = {\n\ | ||
103 | + maxdepth=10,\n\ | ||
104 | + err_type=true,\n\ | ||
105 | + err_cycle=true,\n\ | ||
106 | + pretty=false,\n\ | ||
107 | +}\n\ | ||
108 | +function serialize(v,opts)\n\ | ||
109 | + if opts then\n\ | ||
110 | + for k,v in pairs(serialize_defaults) do\n\ | ||
111 | + if not opts[k] then\n\ | ||
112 | + opts[k]=v\n\ | ||
113 | + end\n\ | ||
114 | + end\n\ | ||
115 | + else\n\ | ||
116 | + opts=serialize_defaults\n\ | ||
117 | + end\n\ | ||
118 | + local r={}\n\ | ||
119 | + serialize_r(v,opts,r)\n\ | ||
120 | + return table.concat(r)\n\ | ||
121 | +end\n" | ||
122 | + | ||
123 | #define PTP_CHDK_LUA_SERIALIZE_MSGS \ | ||
124 | PTP_CHDK_LUA_SERIALIZE\ | ||
125 | "usb_msg_table_to_string=serialize\n" | ||
126 | |||
127 | +#define PTP_CHDK_LUA_SERIALIZE_MSGS_SIMPLEQUOTE \ | ||
128 | +PTP_CHDK_LUA_SERIALIZE_SIMPLEQUOTE\ | ||
129 | +"usb_msg_table_to_string=serialize\n" | ||
130 | + | ||
131 | #define PTP_CHDK_LUA_EXTEND_TABLE \ | ||
132 | "function extend_table(target,source,deep)\n\ | ||
133 | if type(target) ~= 'table' then\n\ | ||
diff --git a/meta-oe/recipes-graphics/gphoto2/libgphoto2_2.5.8.bb b/meta-oe/recipes-graphics/gphoto2/libgphoto2_2.5.8.bb index dde14adcb..098da79ad 100644 --- a/meta-oe/recipes-graphics/gphoto2/libgphoto2_2.5.8.bb +++ b/meta-oe/recipes-graphics/gphoto2/libgphoto2_2.5.8.bb | |||
@@ -15,6 +15,7 @@ SRC_URI = "${SOURCEFORGE_MIRROR}/gphoto/libgphoto2-${PV}.tar.bz2;name=libgphoto2 | |||
15 | file://40-libgphoto2.rules \ | 15 | file://40-libgphoto2.rules \ |
16 | file://0001-configure.ac-remove-AM_PO_SUBDIRS.patch \ | 16 | file://0001-configure.ac-remove-AM_PO_SUBDIRS.patch \ |
17 | file://0002-correct-jpeg-memsrcdest-support.patch \ | 17 | file://0002-correct-jpeg-memsrcdest-support.patch \ |
18 | file://avoid_using_sprintf.patch \ | ||
18 | " | 19 | " |
19 | 20 | ||
20 | SRC_URI[libgphoto2.md5sum] = "873ab01aced49c6b92a98e515db5dcef" | 21 | SRC_URI[libgphoto2.md5sum] = "873ab01aced49c6b92a98e515db5dcef" |