| author | Khem Raj <raj.khem@gmail.com> | 2016-08-14 22:04:32 -0700 |
|---|---|---|
| committer | Martin Jansa <Martin.Jansa@gmail.com> | 2016-08-22 15:49:23 +0200 |
| commit | 30eb09f3bbb9583a4e7181858488f6259f4b381e (patch) | |
| tree | 09c1f1f6cf13f5a42a308876773388658c430bdc | |
| parent | 46248dca3c3ab7f9deff5ac007dcc028cee1d13f (diff) | |
libgphoto2: Fix build when security flags are enabled with clang
clang is more pedantic and throws below errors
../../libgphoto2-2.5.8/camlibs/ptp2/chdk.c:1131:14: error: format string is not a string literal (potentially insecure) [-Werror,-Wformat-security]
sprintf(lua,luascript); /* This expands the %q inside the string too ... do not optimize away. */
^~~~~~~~~
Backport a patch that silences the warning by avoiding
the use of sprintf altogether
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
| -rw-r--r-- | meta-oe/recipes-graphics/gphoto2/libgphoto2-2.5.8/avoid_using_sprintf.patch | 133 | ||||
| -rw-r--r-- | meta-oe/recipes-graphics/gphoto2/libgphoto2_2.5.8.bb | 1 |
2 files changed, 134 insertions, 0 deletions
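--- /dev/null
+++ b/meta-oe/recipes-graphics/gphoto2/libgphoto2-2.5.8/avoid_using_sprintf.patch
@@ -0,0 +1,133 @@
+From 4adfe5a6c9db07537df302f3c17713515bf23a2e Mon Sep 17 00:00:00 2001
+From: Marcus Meissner <marcus@jet.franken.de>
+Date: Sat, 11 Jul 2015 09:38:13 +0000
+Subject: [PATCH] avoid use of sprintf to convert %% to %, duplicate the macro
+
+git-svn-id: https://svn.code.sf.net/p/gphoto/code/trunk/libgphoto2@15490 67ed7778-7388-44ab-90cf-0a291f65f57c
+---
+camlibs/ptp2/chdk.c | 8 ++---
+camlibs/ptp2/chdk_ptp.h | 82 +++++++++++++++++++++++++++++++++++++++++++++++++
+2 files changed, 84 insertions(+), 6 deletions(-)
+
+diff --git a/camlibs/ptp2/chdk.c b/camlibs/ptp2/chdk.c
+index 5fb84ea..3b8a995 100644
+--- a/camlibs/ptp2/chdk.c
++++ b/camlibs/ptp2/chdk.c
+@@ -1119,18 +1119,14 @@ chdk_camera_capture (Camera *camera, CameraCaptureType type, CameraFilePath *pat
+int ret, retint;
+char *table, *s;
+PTPParams *params = &camera->pl->params;
+- char *lua;
+- const char *luascript = PTP_CHDK_LUA_SERIALIZE_MSGS \
++ const char *luascript = PTP_CHDK_LUA_SERIALIZE_MSGS_SIMPLEQUOTE \
+PTP_CHDK_LUA_RLIB_SHOOT \
+"return rlib_shoot({info=true});\n";
+
+ret = camera_prepare_chdk_capture(camera, context);
+if (ret != GP_OK) return ret;
+
+- lua = malloc(strlen(luascript)+1);
+- sprintf(lua,luascript); /* This expands the %q inside the string too ... do not optimize away. */
+- ret = chdk_generic_script_run (params, lua, &table, &retint, context);
+- free (lua);
++ ret = chdk_generic_script_run (params, luascript, &table, &retint, context);
+GP_LOG_D("rlib_shoot returned table %s, retint %d\n", table, retint);
+s = strstr(table, "exp=");
+if (s) {
+diff --git a/camlibs/ptp2/chdk_ptp.h b/camlibs/ptp2/chdk_ptp.h
+index d11e0b7..65dcfd7 100644
+--- a/camlibs/ptp2/chdk_ptp.h
++++ b/camlibs/ptp2/chdk_ptp.h
+@@ -198,10 +198,92 @@ function serialize(v,opts)\n\
+return table.concat(r)\n\
+end\n"
+
++#define PTP_CHDK_LUA_SERIALIZE_SIMPLEQUOTE "\n\
++serialize_r = function(v,opts,r,seen,depth)\n\
++ local vt = type(v)\n\
++ if vt == 'nil' or vt == 'boolean' or vt == 'number' then\n\
++ table.insert(r,tostring(v))\n\
++ return\n\
++ end\n\
++ if vt == 'string' then\n\
++ table.insert(r,string.format('%q',v))\n\
++ return\n\
++ end\n\
++ if vt == 'table' then\n\
++ if not depth then\n\
++ depth = 1\n\
++ end\n\
++ if depth >= opts.maxdepth then\n\
++ error('serialize: max depth')\n\
++ end\n\
++ if not seen then\n\
++ seen={}\n\
++ elseif seen[v] then\n\
++ if opts.err_cycle then\n\
++ error('serialize: cycle')\n\
++ else\n\
++ table.insert(r,'\"cycle:'..tostring(v)..'\"')\n\
++ return\n\
++ end\n\
++ end\n\
++ seen[v] = true;\n\
++ table.insert(r,'{')\n\
++ for k,v1 in pairs(v) do\n\
++ if opts.pretty then\n\
++ table.insert(r,'\\n'..string.rep(' ',depth))\n\
++ end\n\
++ if type(k) == 'string' and string.match(k,'^[_%a][%a%d_]*$') then\n\
++ table.insert(r,k)\n\
++ else\n\
++ table.insert(r,'[')\n\
++ serialize_r(k,opts,r,seen,depth+1)\n\
++ table.insert(r,']')\n\
++ end\n\
++ table.insert(r,'=')\n\
++ serialize_r(v1,opts,r,seen,depth+1)\n\
++ table.insert(r,',')\n\
++ end\n\
++ if opts.pretty then\n\
++ table.insert(r,'\\n'..string.rep(' ',depth-1))\n\
++ end\n\
++ table.insert(r,'}')\n\
++ return\n\
++ end\n\
++ if opts.err_type then\n\
++ error('serialize: unsupported type ' .. vt, 2)\n\
++ else\n\
++ table.insert(r,'\"'..tostring(v)..'\"')\n\
++ end\n\
++end\n\
++serialize_defaults = {\n\
++ maxdepth=10,\n\
++ err_type=true,\n\
++ err_cycle=true,\n\
++ pretty=false,\n\
++}\n\
++function serialize(v,opts)\n\
++ if opts then\n\
++ for k,v in pairs(serialize_defaults) do\n\
++ if not opts[k] then\n\
++ opts[k]=v\n\
++ end\n\
++ end\n\
++ else\n\
++ opts=serialize_defaults\n\
++ end\n\
++ local r={}\n\
++ serialize_r(v,opts,r)\n\
++ return table.concat(r)\n\
++end\n"
++
+#define PTP_CHDK_LUA_SERIALIZE_MSGS \
+PTP_CHDK_LUA_SERIALIZE\
+"usb_msg_table_to_string=serialize\n"
+
++#define PTP_CHDK_LUA_SERIALIZE_MSGS_SIMPLEQUOTE \
++PTP_CHDK_LUA_SERIALIZE_SIMPLEQUOTE\
++"usb_msg_table_to_string=serialize\n"
++
+#define PTP_CHDK_LUA_EXTEND_TABLE \
+"function extend_table(target,source,deep)\n\
+ if type(target) ~= 'table' then\n\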
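Review bot: In the chdk.c hunk of the backported patch, the result of `chdk_generic_script_run` is stored in `ret`, but the visible lines go straight on to `GP_LOG_D(..., table, retint)` and `strstr(table, "exp=")` without testing it, so a failed script run may leave `table` unset or NULL at the point it is read. Whether the callee initialises `table` on failure is not visible here and should be confirmed; a guard such as `if (ret != GP_OK) return ret;` directly after the call would be safe either way. chdk_camera_capture continues past the end of the hunk, so a later check may exist, but it would come after the first use of `table`. Separately, the patch header carries no `Upstream-Status: Backport` line to record its provenance for later recipe upgrades.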
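--- a/meta-oe/recipes-graphics/gphoto2/libgphoto2_2.5.8.bb
+++ b/meta-oe/recipes-graphics/gphoto2/libgphoto2_2.5.8.bb
@@ -15,6 +15,7 @@ SRC_URI = "${SOURCEFORGE_MIRROR}/gphoto/libgphoto2-${PV}.tar.bz2;name=libgphoto2
 file://40-libgphoto2.rules \
 file://0001-configure.ac-remove-AM_PO_SUBDIRS.patch \
 file://0002-correct-jpeg-memsrcdest-support.patch \
+file://avoid_using_sprintf.patch \
 "
 
 SRC_URI[libgphoto2.md5sum] = "873ab01aced49c6b92a98e515db5dcef"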
