From patchwork Mon Aug 15 05:04:32 2016 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Khem Raj X-Patchwork-Id: 73894 Delivered-To: patch@linaro.org Received: by 10.140.29.52 with SMTP id a49csp1274359qga; Sun, 14 Aug 2016 22:04:56 -0700 (PDT) X-Received: by 10.66.217.170 with SMTP id oz10mr50557290pac.61.1471237496234; Sun, 14 Aug 2016 22:04:56 -0700 (PDT) Return-Path: Received: from mail.openembedded.org (mail.openembedded.org. [140.211.169.62]) by mx.google.com with ESMTP id j190si24708381pfc.151.2016.08.14.22.04.55; Sun, 14 Aug 2016 22:04:56 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of openembedded-devel-bounces@lists.openembedded.org designates 140.211.169.62 as permitted sender) client-ip=140.211.169.62; Authentication-Results: mx.google.com; dkim=neutral (body hash did not verify) header.i=@gmail.com; spf=pass (google.com: best guess record for domain of openembedded-devel-bounces@lists.openembedded.org designates 140.211.169.62 as permitted sender) smtp.mailfrom=openembedded-devel-bounces@lists.openembedded.org; dmarc=fail (p=NONE dis=NONE) header.from=gmail.com Received: from layers.openembedded.org (localhost [127.0.0.1]) by mail.openembedded.org (Postfix) with ESMTP id 078BD7710C; Mon, 15 Aug 2016 05:04:45 +0000 (UTC) X-Original-To: openembedded-devel@lists.openembedded.org Delivered-To: openembedded-devel@lists.openembedded.org Received: from mail-pf0-f193.google.com (mail-pf0-f193.google.com [209.85.192.193]) by mail.openembedded.org (Postfix) with ESMTP id 430CA77042 for ; Mon, 15 Aug 2016 05:04:43 +0000 (UTC) Received: by mail-pf0-f193.google.com with SMTP id g202so3156201pfb.1 for ; Sun, 14 Aug 2016 22:04:45 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=from:to:cc:subject:date:message-id; bh=nLC4ILdtkIhzCqmpIeu1wXcOudGe8Fu0byupYT/50B4=; b=KuXBOaz4N6WOP8AN5G79Z0QBCLQm3RQdu3dbYU7cPtfWyXkKxHD9TTkPE+hQw4b+NB KUQEFEl2y31PF0Tcy4gRnSJmAx2a7r8AtL9037lcDNVh/i6qiDc5+o9iWaXa1GZ4rJkk BOFarcCgck3xQhDfF13HzB0o8/e795COlIH6yrmSaZ7mmUR/zN9RJZRtgD+AGTN3BF8d B6H+qnbocpQ8z3WCaaTJPVZMSvrBqrAwjvxf11NuKu/iEiVUpeLJATx4OpFzIYRrF7NR vEqc+BwXME9mmqtTIBFk1z2pbWEYvCtPTog0hRxAarzCFwEx16WVmnFY3V1ZEex9slw0 nNWw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:from:to:cc:subject:date:message-id; bh=nLC4ILdtkIhzCqmpIeu1wXcOudGe8Fu0byupYT/50B4=; b=Mq1Gw6JJSE9NWFJmMHvIIhnX/uagzcTRNnEG4IZrcI13KdGpX1Cu+KcN8GnGuJtphL CBJV6IypmfBkIkTgPrUdZPqFKKGRVKoHRE/SM1mHRvYZxBP9QO+uFldsPiGhh6OMhD+u xeydlA4i3K8SiUk/1SGOYeTLo5h2TgANkn1A6HiOQiyTadGnaBpySbAP/jYT1UA8m8bp PwCGqvGKkEWQxCsprb4UoS4Jsi1d6AhWsjgxt1H8zdVMSaFozzVO71ocZ2ecEZO6bkC3 u4JdFLV5/HccnXwdsgpcKF+qj5Ox41EUufOkDh6mPcU/7Fx2bUl7DJtVrKLzBvk2zsul 3BFA== X-Gm-Message-State: AEkoouuhYaZjLozX5dzpmwofuYLKW5xuZo1yLnkKwcg1sT4Kxdsg6uQ0lbk+MrbAzuF/oA== X-Received: by 10.98.98.193 with SMTP id w184mr50543375pfb.120.1471237484324; Sun, 14 Aug 2016 22:04:44 -0700 (PDT) Received: from localhost.localdomain (c-76-102-32-192.hsd1.ca.comcast.net. [76.102.32.192]) by smtp.gmail.com with ESMTPSA id ty6sm29178421pac.18.2016.08.14.22.04.42 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Sun, 14 Aug 2016 22:04:43 -0700 (PDT) From: Khem Raj To: openembedded-devel@lists.openembedded.org Date: Sun, 14 Aug 2016 22:04:32 -0700 Message-Id: <20160815050434.20974-1-raj.khem@gmail.com> X-Mailer: git-send-email 2.9.3 Subject: [oe] [meta-oe][PATCH 1/3] libgphoto2: Fix build when security flags are enabled with clang X-BeenThere: openembedded-devel@lists.openembedded.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: Using the OpenEmbedded metadata to build Distributions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: openembedded-devel@lists.openembedded.org MIME-Version: 1.0 Sender: openembedded-devel-bounces@lists.openembedded.org Errors-To: openembedded-devel-bounces@lists.openembedded.org clang is more pedantic and throws below errors ../../libgphoto2-2.5.8/camlibs/ptp2/chdk.c:1131:14: error: format string is not a string literal (potentially insecure) [-Werror,-Wformat-security] sprintf(lua,luascript); /* This expands the %q inside the string too ... do not optimize away. */ ^~~~~~~~~ Backport a patch to silence the warnings where it avoids the use of sprintf all the way Signed-off-by: Khem Raj --- .../libgphoto2-2.5.8/avoid_using_sprintf.patch | 133 +++++++++++++++++++++ .../recipes-graphics/gphoto2/libgphoto2_2.5.8.bb | 1 + 2 files changed, 134 insertions(+) create mode 100644 meta-oe/recipes-graphics/gphoto2/libgphoto2-2.5.8/avoid_using_sprintf.patch -- 2.9.3 -- _______________________________________________ Openembedded-devel mailing list Openembedded-devel@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-devel diff --git a/meta-oe/recipes-graphics/gphoto2/libgphoto2-2.5.8/avoid_using_sprintf.patch b/meta-oe/recipes-graphics/gphoto2/libgphoto2-2.5.8/avoid_using_sprintf.patch new file mode 100644 index 0000000..fba4c69 --- /dev/null +++ b/meta-oe/recipes-graphics/gphoto2/libgphoto2-2.5.8/avoid_using_sprintf.patch @@ -0,0 +1,133 @@ +From 4adfe5a6c9db07537df302f3c17713515bf23a2e Mon Sep 17 00:00:00 2001 +From: Marcus Meissner +Date: Sat, 11 Jul 2015 09:38:13 +0000 +Subject: [PATCH] avoid use of sprintf to convert %% to %, duplicate the macro + +git-svn-id: https://svn.code.sf.net/p/gphoto/code/trunk/libgphoto2@15490 67ed7778-7388-44ab-90cf-0a291f65f57c +--- + camlibs/ptp2/chdk.c | 8 ++--- + camlibs/ptp2/chdk_ptp.h | 82 +++++++++++++++++++++++++++++++++++++++++++++++++ + 2 files changed, 84 insertions(+), 6 deletions(-) + +diff --git a/camlibs/ptp2/chdk.c b/camlibs/ptp2/chdk.c +index 5fb84ea..3b8a995 100644 +--- a/camlibs/ptp2/chdk.c ++++ b/camlibs/ptp2/chdk.c +@@ -1119,18 +1119,14 @@ chdk_camera_capture (Camera *camera, CameraCaptureType type, CameraFilePath *pat + int ret, retint; + char *table, *s; + PTPParams *params = &camera->pl->params; +- char *lua; +- const char *luascript = PTP_CHDK_LUA_SERIALIZE_MSGS \ ++ const char *luascript = PTP_CHDK_LUA_SERIALIZE_MSGS_SIMPLEQUOTE \ + PTP_CHDK_LUA_RLIB_SHOOT \ + "return rlib_shoot({info=true});\n"; + + ret = camera_prepare_chdk_capture(camera, context); + if (ret != GP_OK) return ret; + +- lua = malloc(strlen(luascript)+1); +- sprintf(lua,luascript); /* This expands the %q inside the string too ... do not optimize away. */ +- ret = chdk_generic_script_run (params, lua, &table, &retint, context); +- free (lua); ++ ret = chdk_generic_script_run (params, luascript, &table, &retint, context); + GP_LOG_D("rlib_shoot returned table %s, retint %d\n", table, retint); + s = strstr(table, "exp="); + if (s) { +diff --git a/camlibs/ptp2/chdk_ptp.h b/camlibs/ptp2/chdk_ptp.h +index d11e0b7..65dcfd7 100644 +--- a/camlibs/ptp2/chdk_ptp.h ++++ b/camlibs/ptp2/chdk_ptp.h +@@ -198,10 +198,92 @@ function serialize(v,opts)\n\ + return table.concat(r)\n\ + end\n" + ++#define PTP_CHDK_LUA_SERIALIZE_SIMPLEQUOTE "\n\ ++serialize_r = function(v,opts,r,seen,depth)\n\ ++ local vt = type(v)\n\ ++ if vt == 'nil' or vt == 'boolean' or vt == 'number' then\n\ ++ table.insert(r,tostring(v))\n\ ++ return\n\ ++ end\n\ ++ if vt == 'string' then\n\ ++ table.insert(r,string.format('%q',v))\n\ ++ return\n\ ++ end\n\ ++ if vt == 'table' then\n\ ++ if not depth then\n\ ++ depth = 1\n\ ++ end\n\ ++ if depth >= opts.maxdepth then\n\ ++ error('serialize: max depth')\n\ ++ end\n\ ++ if not seen then\n\ ++ seen={}\n\ ++ elseif seen[v] then\n\ ++ if opts.err_cycle then\n\ ++ error('serialize: cycle')\n\ ++ else\n\ ++ table.insert(r,'\"cycle:'..tostring(v)..'\"')\n\ ++ return\n\ ++ end\n\ ++ end\n\ ++ seen[v] = true;\n\ ++ table.insert(r,'{')\n\ ++ for k,v1 in pairs(v) do\n\ ++ if opts.pretty then\n\ ++ table.insert(r,'\\n'..string.rep(' ',depth))\n\ ++ end\n\ ++ if type(k) == 'string' and string.match(k,'^[_%a][%a%d_]*$') then\n\ ++ table.insert(r,k)\n\ ++ else\n\ ++ table.insert(r,'[')\n\ ++ serialize_r(k,opts,r,seen,depth+1)\n\ ++ table.insert(r,']')\n\ ++ end\n\ ++ table.insert(r,'=')\n\ ++ serialize_r(v1,opts,r,seen,depth+1)\n\ ++ table.insert(r,',')\n\ ++ end\n\ ++ if opts.pretty then\n\ ++ table.insert(r,'\\n'..string.rep(' ',depth-1))\n\ ++ end\n\ ++ table.insert(r,'}')\n\ ++ return\n\ ++ end\n\ ++ if opts.err_type then\n\ ++ error('serialize: unsupported type ' .. vt, 2)\n\ ++ else\n\ ++ table.insert(r,'\"'..tostring(v)..'\"')\n\ ++ end\n\ ++end\n\ ++serialize_defaults = {\n\ ++ maxdepth=10,\n\ ++ err_type=true,\n\ ++ err_cycle=true,\n\ ++ pretty=false,\n\ ++}\n\ ++function serialize(v,opts)\n\ ++ if opts then\n\ ++ for k,v in pairs(serialize_defaults) do\n\ ++ if not opts[k] then\n\ ++ opts[k]=v\n\ ++ end\n\ ++ end\n\ ++ else\n\ ++ opts=serialize_defaults\n\ ++ end\n\ ++ local r={}\n\ ++ serialize_r(v,opts,r)\n\ ++ return table.concat(r)\n\ ++end\n" ++ + #define PTP_CHDK_LUA_SERIALIZE_MSGS \ + PTP_CHDK_LUA_SERIALIZE\ + "usb_msg_table_to_string=serialize\n" + ++#define PTP_CHDK_LUA_SERIALIZE_MSGS_SIMPLEQUOTE \ ++PTP_CHDK_LUA_SERIALIZE_SIMPLEQUOTE\ ++"usb_msg_table_to_string=serialize\n" ++ + #define PTP_CHDK_LUA_EXTEND_TABLE \ + "function extend_table(target,source,deep)\n\ + if type(target) ~= 'table' then\n\ diff --git a/meta-oe/recipes-graphics/gphoto2/libgphoto2_2.5.8.bb b/meta-oe/recipes-graphics/gphoto2/libgphoto2_2.5.8.bb index dde14ad..098da79 100644 --- a/meta-oe/recipes-graphics/gphoto2/libgphoto2_2.5.8.bb +++ b/meta-oe/recipes-graphics/gphoto2/libgphoto2_2.5.8.bb @@ -15,6 +15,7 @@ SRC_URI = "${SOURCEFORGE_MIRROR}/gphoto/libgphoto2-${PV}.tar.bz2;name=libgphoto2 file://40-libgphoto2.rules \ file://0001-configure.ac-remove-AM_PO_SUBDIRS.patch \ file://0002-correct-jpeg-memsrcdest-support.patch \ + file://avoid_using_sprintf.patch \ " SRC_URI[libgphoto2.md5sum] = "873ab01aced49c6b92a98e515db5dcef"