[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH] xen/Kconfig: Fix -Wformat-security when compiling with Clang



On Wed, Jun 26, 2019 at 06:36:15PM +0100, Andrew Cooper wrote:
> Clang observes:
> 
> tools/kconfig/conf.c:77:10:
> warning: format string is not a string literal (potentially insecure)
>       [-Wformat-security]
>                 printf(_("aborted!\n\n"));
>                        ^~~~~~~~~~~~~~~~~
> 
> And it is absolutely correct.  gettext() can easily return a string with a %
> in.
> 
> This could be fixed by switching to using printf("%s", _(...)), or by
> switching to puts() (as there is no formatting going on), but the better
> option is follow Linux and remove localisation support.
> 
> Linux changeset: 694c49a7c01cc87194be40cb26404b58b68c291c
> Author: Sam Ravnborg <sam@xxxxxxxxxxxx>
> Date:   Tue May 22 20:36:12 2018
> 
> kconfig: drop localization support
> 
> The localization support is broken and appears unused.
> There is no google hits on the update-po-config target.
> And there is no recent (5 years) activity related to the localization.
> 
> So lets just drop this as it is no longer used.
> 
> Suggested-by: Ulf Magnusson <ulfalizer@xxxxxxxxx>
> Suggested-by: Masahiro Yamada <yamada.masahiro@xxxxxxxxxxxxx>
> Signed-off-by: Sam Ravnborg <sam@xxxxxxxxxxxx>
> Signed-off-by: Masahiro Yamada <yamada.masahiro@xxxxxxxxxxxxx>
> 
> [Ported to Xen]
> Reported-by: Roger Pau Monné <roger.pau@xxxxxxxxxx>
> Signed-off-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>

I haven't built this locally but overall I think this is a good backport
to do. In the past there were a lot of concerns about the size of the
Kconfig code base that we were bringing into the tree and some of the
functionality that seemed less than necessary. The approach was taken to
always backport from Linux to ease the maintenance burden for Xen but a
backport like this seems like it achieves both goals.

Acked-by: Doug Goldstein <cardoe@xxxxxxxxxx>

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxxx
https://lists.xenproject.org/mailman/listinfo/xen-devel

 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.