diff options
Diffstat (limited to 'repo/motif/02-fix-format-security.patch')
| -rw-r--r-- | repo/motif/02-fix-format-security.patch | 607 |
1 files changed, 607 insertions, 0 deletions
diff --git a/repo/motif/02-fix-format-security.patch b/repo/motif/02-fix-format-security.patch new file mode 100644 index 0000000..18c4abd --- /dev/null +++ b/repo/motif/02-fix-format-security.patch @@ -0,0 +1,607 @@ +Description: Fix unsafe uses of fprintf and sprintf + prevent 'format not a string literal and no format arguments' errors +Forwarded: http://bugs.motifzone.net/show_bug.cgi?id=1574 +Author: Graham Inggs <graham@nerve.org.za> +Last-Update: 2012-12-25 +--- a/lib/Mrm/Mrmhier.c ++++ b/lib/Mrm/Mrmhier.c +@@ -264,10 +264,10 @@ + case MrmSUCCESS: + break; + case MrmNOT_VALID: +- sprintf (err_stg, _MrmMMsg_0113); ++ sprintf (err_stg, "%s", _MrmMMsg_0113); + break; + default: +- sprintf (err_stg, _MrmMMsg_0114); ++ sprintf (err_stg, "%s", _MrmMMsg_0114); + break; + } + } +--- a/lib/Mrm/Mrmicon.c ++++ b/lib/Mrm/Mrmicon.c +@@ -1176,7 +1176,7 @@ + } + break; + default: +- sprintf(err_msg, _MrmMMsg_0040); ++ sprintf(err_msg, "%s", _MrmMMsg_0040); + return Urm__UT_Error ("Urm__RelizeColorTable", + err_msg, NULL, NULL, MrmFAILURE) ; + } +@@ -1252,7 +1252,7 @@ + break; + default: + result = MrmFAILURE; +- sprintf (err_msg, _MrmMMsg_0040); ++ sprintf (err_msg, "%s", _MrmMMsg_0040); + Urm__UT_Error ("Urm__RelizeColorTable", + err_msg, NULL, NULL, MrmFAILURE) ; + } +--- a/lib/Mrm/Mrmlread.c ++++ b/lib/Mrm/Mrmlread.c +@@ -698,7 +698,7 @@ + XBlackPixelOfScreen(XDefaultScreenOfDisplay(display))); + break; + default: +- sprintf(err_msg, _MrmMMsg_0040); ++ sprintf(err_msg, "%s", _MrmMMsg_0040); + result = Urm__UT_Error ("MrmFetchColorLiteral", + err_msg, NULL, NULL, MrmFAILURE) ; + _MrmAppUnlock(app); +--- a/lib/Mrm/Mrmwcrw.c ++++ b/lib/Mrm/Mrmwcrw.c +@@ -1390,7 +1390,7 @@ + } + break; + default: +- sprintf (err_msg, _MrmMMsg_0040); ++ sprintf (err_msg, "%s", _MrmMMsg_0040); + result = Urm__UT_Error ("Urm__CW_ConvertValue", + err_msg, NULL, NULL, MrmFAILURE) ; + }; +@@ -2426,7 +2426,7 @@ + } + break; + default: +- sprintf(err_msg, _MrmMMsg_0040); ++ sprintf(err_msg, "%s", _MrmMMsg_0040); + return Urm__UT_Error ("Urm__CW_ConvertValue", + err_msg, NULL, NULL, MrmFAILURE) ; + }; +--- a/tools/wml/wmlouth.c ++++ b/tools/wml/wmlouth.c +@@ -225,12 +225,12 @@ + printf ("\nCouldn't open UilSymGen.h"); + return; + } +-fprintf (outfil, canned_warn); ++fprintf (outfil, "%s", canned_warn); + + /* + * Write the sym_k..._object literals + */ +-fprintf (outfil, canned1); ++fprintf (outfil, "%s", canned1); + for ( ndx=0 ; ndx<wml_obj_class_ptr->cnt ; ndx++ ) + { + clsobj = (WmlClassDefPtr) wml_obj_class_ptr->hvec[ndx].objptr; +@@ -244,7 +244,7 @@ + /* + * Define the sym_k_..._reason literals + */ +-fprintf (outfil, canned3); ++fprintf (outfil, "%s", canned3); + for ( ndx=0 ; ndx<wml_obj_reason_ptr->cnt ; ndx++ ) + { + resobj = (WmlResourceDefPtr) wml_obj_reason_ptr->hvec[ndx].objptr; +@@ -258,7 +258,7 @@ + /* + * Define the sym_k_..._arg literals + */ +-fprintf (outfil, canned4); ++fprintf (outfil, "%s", canned4); + for ( ndx=0 ; ndx<wml_obj_arg_ptr->cnt ; ndx++ ) + { + resobj = (WmlResourceDefPtr) wml_obj_arg_ptr->hvec[ndx].objptr; +@@ -272,7 +272,7 @@ + /* + * Define the sym_k_..._enumset structs and literals + */ +-fprintf (outfil, canned5); ++fprintf (outfil, "%s", canned5); + for ( ndx=0 ; ndx<wml_obj_enumset_ptr->cnt ; ndx++ ) + { + enumsetobj = (WmlEnumSetDefPtr) wml_obj_enumset_ptr->hvec[ndx].objptr; +@@ -286,7 +286,7 @@ + /* + * Define the sym_k_..._enumval literals + */ +-fprintf (outfil, canned6); ++fprintf (outfil, "%s", canned6); + for ( ndx=0 ; ndx<wml_obj_enumval_ptr->cnt ; ndx++ ) + { + enumvalobj = (WmlEnumValueDefPtr) wml_obj_enumval_ptr->hvec[ndx].objptr; +@@ -301,7 +301,7 @@ + * Define the sym_k_..._charsize literals + * Define the sym_k_..._charset literals + */ +-fprintf (outfil, canned7); ++fprintf (outfil, "%s", canned7); + for ( ndx=0 ; ndx<wml_obj_charset_ptr->cnt ; ndx++ ) + { + charsetobj = (WmlCharSetDefPtr) wml_obj_charset_ptr->hvec[ndx].objptr; +@@ -315,7 +315,7 @@ + /* + * Define the sym_k_..._child literals + */ +-fprintf (outfil, canned8); ++fprintf (outfil, "%s", canned8); + for ( ndx=0 ; ndx<wml_obj_child_ptr->cnt ; ndx++ ) + { + childobj = (WmlChildDefPtr) wml_obj_child_ptr->hvec[ndx].objptr; +@@ -379,12 +379,12 @@ + printf ("\nCouldn't open UilSymChCL.h"); + return; + } +-fprintf (outfil, canned_warn); ++fprintf (outfil, "%s", canned_warn); + + /* + * Create table entries, similar to writing sym_k... + */ +-fprintf (outfil, canned1); ++fprintf (outfil, "%s", canned1); + for ( ndx=0 ; ndx<wml_obj_child_ptr->cnt ; ndx++ ) + { + childobj = (WmlChildDefPtr) wml_obj_child_ptr->hvec[ndx].objptr; +@@ -392,7 +392,7 @@ + fprintf (outfil, " sym_k_%s_object,\n", + classobj->tkname); + } +-fprintf (outfil, canned1a); ++fprintf (outfil, "%s", canned1a); + + /* + * close the output file +@@ -446,12 +446,12 @@ + printf ("\nCouldn't open UilSymArTy.h"); + return; + } +-fprintf (outfil, canned_warn); ++fprintf (outfil, "%s", canned_warn); + + /* + * Create table entries, similar to writing sym_k... + */ +-fprintf (outfil, canned1); ++fprintf (outfil, "%s", canned1); + for ( ndx=0 ; ndx<wml_obj_arg_ptr->cnt ; ndx++ ) + { + resobj = (WmlResourceDefPtr) wml_obj_arg_ptr->hvec[ndx].objptr; +@@ -459,7 +459,7 @@ + fprintf (outfil, " sym_k_%s_value,\n", + datobj->tkname); + } +-fprintf (outfil, canned1a); ++fprintf (outfil, "%s", canned1a); + + /* + * close the output file +@@ -509,19 +509,19 @@ + printf ("\nCouldn't open UilSymRArg.h"); + return; + } +-fprintf (outfil, canned_warn); ++fprintf (outfil, "%s", canned_warn); + + /* + * Create table entries, similar to writing sym_k... + */ +-fprintf (outfil, canned1); ++fprintf (outfil, "%s", canned1); + for ( ndx=0 ; ndx<wml_obj_arg_ptr->cnt ; ndx++ ) + { + resobj = (WmlResourceDefPtr) wml_obj_arg_ptr->hvec[ndx].objptr; + fprintf (outfil, " %d,\n", + resobj->related_code); + } +-fprintf (outfil, canned1a); ++fprintf (outfil, "%s", canned1a); + + /* + * close the output file +@@ -621,12 +621,12 @@ + printf ("\nCouldn't open UilUrmClas.h"); + return; + } +-fprintf (outfil, canned_warn); ++fprintf (outfil, "%s", canned_warn); + + /* + * Write entries for widgets + */ +-fprintf (outfil, canned1); ++fprintf (outfil, "%s", canned1); + for ( ndx=0 ; ndx<wml_obj_class_ptr->cnt ; ndx++ ) + { + clsobj = (WmlClassDefPtr) wml_obj_class_ptr->hvec[ndx].objptr; +@@ -637,7 +637,7 @@ + else + fprintf (outfil, " \"%s\",\t\n", synobj->convfunc); + } +-fprintf (outfil, canned2); ++fprintf (outfil, "%s", canned2); + + /* + * Write entries for gadget variants of widget classes +@@ -661,7 +661,7 @@ + synobj->name); + } + } +-fprintf (outfil, canned3); ++fprintf (outfil, "%s", canned3); + + /* + * Write entries for non-dialog widgets +@@ -685,7 +685,7 @@ + synobj->name); + } + } +-fprintf (outfil, canned4); ++fprintf (outfil, "%s", canned4); + + /* + * Write entries for the resource a widget's controls map to +@@ -701,7 +701,7 @@ + else + fprintf (outfil, " sym_k_%s_arg,\n", mapresobj->tkname); + } +-fprintf (outfil, canned5); ++fprintf (outfil, "%s", canned5); + + /* + * Write entries for arguments +@@ -714,7 +714,7 @@ + fprintf (outfil, " %s,\n", + synres->resliteral); + } +-fprintf (outfil, canned6); ++fprintf (outfil, "%s", canned6); + + /* + * Write entries for reasons +@@ -727,7 +727,7 @@ + fprintf (outfil, " %s,\n", + synres->resliteral); + } +-fprintf (outfil, canned7); ++fprintf (outfil, "%s", canned7); + + /* + * close the output file +@@ -781,13 +781,13 @@ + printf ("\nCouldn't open UilConst.h"); + return; + } +-fprintf (outfil, canned_warn); ++fprintf (outfil, "%s", canned_warn); + + /* + * Process the arguments in code order. We start with 1, and write out + * the mask after processing 8 codes. + */ +-fprintf (outfil, canned1); ++fprintf (outfil, "%s", canned1); + strcpy (maskbuf, "0"); + for ( ndx=0 ; ndx<wml_obj_arg_ptr->cnt ; ndx++ ) + { +@@ -805,7 +805,7 @@ + } + if ( bitno != 8 ) + fprintf (outfil, "%s", maskbuf); +-fprintf (outfil, canned1a); ++fprintf (outfil, "%s", canned1a); + + /* + * close the output file +@@ -878,8 +878,8 @@ + printf ("\nCouldn't open UilSymReas.h"); + return; + } +-fprintf (outfil, canned_warn); +-fprintf (outfil, canned1); ++fprintf (outfil, "%s", canned_warn); ++fprintf (outfil, "%s", canned1); + + /* + * Generate the bit vectors for each class. Outer loop on the reason code, +@@ -925,13 +925,13 @@ + /* + * Write the vector of vectors. + */ +-fprintf (outfil, canned2); ++fprintf (outfil, "%s", canned2); + for ( resndx=0 ; resndx<wml_obj_reason_ptr->cnt ; resndx++ ) + { + resobj = (WmlResourceDefPtr) wml_obj_reason_ptr->hvec[resndx].objptr; + fprintf (outfil, " reason_class_vec%d,\n", resobj->sym_code); + } +-fprintf (outfil, canned3); ++fprintf (outfil, "%s", canned3); + + /* + * close the output file +@@ -1004,8 +1004,8 @@ + printf ("\nCouldn't open UilSymArTa.h"); + return; + } +-fprintf (outfil, canned_warn); +-fprintf (outfil, canned1); ++fprintf (outfil, "%s", canned_warn); ++fprintf (outfil, "%s", canned1); + + /* + * Generate the bit vectors for each class. Outer loop on the argument code, +@@ -1051,13 +1051,13 @@ + /* + * Write the vector of vectors. + */ +-fprintf (outfil, canned2); ++fprintf (outfil, "%s", canned2); + for ( resndx=0 ; resndx<wml_obj_arg_ptr->cnt ; resndx++ ) + { + resobj = (WmlResourceDefPtr) wml_obj_arg_ptr->hvec[resndx].objptr; + fprintf (outfil, " arg_class_vec%d,\n", resobj->sym_code); + } +-fprintf (outfil, canned3); ++fprintf (outfil, "%s", canned3); + + /* + * close the output file +@@ -1129,8 +1129,8 @@ + printf ("\nCouldn't open UilSymChTa.h"); + return; + } +-fprintf (outfil, canned_warn); +-fprintf (outfil, canned1); ++fprintf (outfil, "%s", canned_warn); ++fprintf (outfil, "%s", canned1); + + /* + * Generate the bit vectors for each class. Outer loop on the child code, +@@ -1174,13 +1174,13 @@ + /* + * Write the vector of vectors. + */ +-fprintf (outfil, canned2); ++fprintf (outfil, "%s", canned2); + for ( childndx=0 ; childndx<wml_obj_child_ptr->cnt ; childndx++ ) + { + childobj = (WmlChildDefPtr) wml_obj_child_ptr->hvec[childndx].objptr; + fprintf (outfil, " child_class_vec%d,\n", childobj->sym_code); + } +-fprintf (outfil, canned3); ++fprintf (outfil, "%s", canned3); + + /* + * close the output file +@@ -1251,8 +1251,8 @@ + printf ("\nCouldn't open UilSymCtl.h"); + return; + } +-fprintf (outfil, canned_warn); +-fprintf (outfil, canned1); ++fprintf (outfil, "%s", canned_warn); ++fprintf (outfil, "%s", canned1); + + /* + * Generate the bit vectors for each class. Outer loop on the class code, +@@ -1296,13 +1296,13 @@ + /* + * Write the vector of vectors. + */ +-fprintf (outfil, canned2); ++fprintf (outfil, "%s", canned2); + for ( ctlndx=0 ; ctlndx<wml_obj_class_ptr->cnt ; ctlndx++ ) + { + clsobj = (WmlClassDefPtr) wml_obj_class_ptr->hvec[ctlndx].objptr; + fprintf (outfil, " object_class_vec%d,\n", clsobj->sym_code); + } +-fprintf (outfil, canned3); ++fprintf (outfil, "%s", canned3); + + /* + * close the output file +@@ -1438,7 +1438,7 @@ + printf ("\nCouldn't open UilSymNam.h"); + return; + } +-fprintf (outfil, canned_warn); ++fprintf (outfil, "%s", canned_warn); + + /* + * Write entries for widgets +@@ -1517,7 +1517,7 @@ + fprintf (outfil, " \"%s\",\n", + synch->name); + } +-fprintf (outfil, canned7); ++fprintf (outfil, "%s", canned7); + + /* + * close the output file +@@ -1621,12 +1621,12 @@ + printf ("\nCouldn't open UilSymEnum.h"); + return; + } +-fprintf (outfil, canned_warn); ++fprintf (outfil, "%s", canned_warn); + + /* + * Generate the enumeration value vectors for each enumeration set. + */ +-fprintf (outfil, canned1); ++fprintf (outfil, "%s", canned1); + for ( ndx=0 ; ndx<wml_obj_enumset_ptr->cnt ; ndx++ ) + { + enumsetobj = (WmlEnumSetDefPtr) wml_obj_enumset_ptr->hvec[ndx].objptr; +@@ -1643,7 +1643,7 @@ + /* + * Generate the enumeration set tables + */ +-fprintf (outfil, canned3); ++fprintf (outfil, "%s", canned3); + for ( ndx=0 ; ndx<wml_obj_enumset_ptr->cnt ; ndx++ ) + { + enumsetobj = (WmlEnumSetDefPtr) wml_obj_enumset_ptr->hvec[ndx].objptr; +@@ -1655,7 +1655,7 @@ + /* + * Create enumset table entries for arguments, similar to writing sym_k... + */ +-fprintf (outfil, canned4); ++fprintf (outfil, "%s", canned4); + for ( ndx=0 ; ndx<wml_obj_arg_ptr->cnt ; ndx++ ) + { + resobj = (WmlResourceDefPtr) wml_obj_arg_ptr->hvec[ndx].objptr; +@@ -1669,13 +1669,13 @@ + /* + * Create the enumval values table. + */ +-fprintf (outfil, canned5); ++fprintf (outfil, "%s", canned5); + for ( ndx=0 ; ndx<wml_obj_enumval_ptr->cnt ; ndx++ ) + { + evobj = (WmlEnumValueDefPtr) wml_obj_enumval_ptr->hvec[ndx].objptr; + fprintf (outfil, " %s,\n", evobj->syndef->enumlit); + } +-fprintf (outfil, canned5a); ++fprintf (outfil, "%s", canned5a); + + /* + * close the output file +@@ -1813,12 +1813,12 @@ + printf ("\nCouldn't open UilSymCSet.h"); + return; + } +-fprintf (outfil, canned_warn); ++fprintf (outfil, "%s", canned_warn); + + /* + * Generate the standards name table + */ +-fprintf (outfil, canned1); ++fprintf (outfil, "%s", canned1); + for ( ndx=0 ; ndx<wml_obj_charset_ptr->cnt ; ndx++ ) + { + csobj = (WmlCharSetDefPtr) wml_obj_charset_ptr->hvec[ndx].objptr; +@@ -1836,7 +1836,7 @@ + /* + * Generate the writing direction table + */ +-fprintf (outfil, canned2); ++fprintf (outfil, "%s", canned2); + for ( ndx=0 ; ndx<wml_obj_charset_ptr->cnt ; ndx++ ) + { + csobj = (WmlCharSetDefPtr) wml_obj_charset_ptr->hvec[ndx].objptr; +@@ -1858,7 +1858,7 @@ + /* + * Generate the parsing direction table + */ +-fprintf (outfil, canned3); ++fprintf (outfil, "%s", canned3); + for ( ndx=0 ; ndx<wml_obj_charset_ptr->cnt ; ndx++ ) + { + csobj = (WmlCharSetDefPtr) wml_obj_charset_ptr->hvec[ndx].objptr; +@@ -1880,7 +1880,7 @@ + /* + * Generate the character size table + */ +-fprintf (outfil, canned4); ++fprintf (outfil, "%s", canned4); + for ( ndx=0 ; ndx<wml_obj_charset_ptr->cnt ; ndx++ ) + { + csobj = (WmlCharSetDefPtr) wml_obj_charset_ptr->hvec[ndx].objptr; +@@ -1906,7 +1906,7 @@ + /* + * Generate the $LANG name recognition table + */ +-fprintf (outfil, canned5); ++fprintf (outfil, "%s", canned5); + lang_max = 0; + for ( ndx=0 ; ndx<wml_obj_charset_ptr->cnt ; ndx++ ) + { +@@ -1936,7 +1936,7 @@ + /* + * Generate the $LANG code lookup table, in upper case + */ +-fprintf (outfil, canned6); ++fprintf (outfil, "%s", canned6); + for ( ndx=0 ; ndx<wml_obj_charset_ptr->cnt ; ndx++ ) + { + csobj = (WmlCharSetDefPtr) wml_obj_charset_ptr->hvec[ndx].objptr; +--- a/tools/wml/wmloutkey.c ++++ b/tools/wml/wmloutkey.c +@@ -574,16 +574,16 @@ + printf ("\nCouldn't open UilKeyTab.h"); + return; + } +-fprintf (outfil, canned_warn); ++fprintf (outfil, "%s", canned_warn); + + /* + * Print the case sensitive and insensitive tables + */ +-fprintf (outfil, canned1); ++fprintf (outfil, "%s", canned1); + wmlOutputUilKeyTabBody (outfil, wml_tok_sens_ptr, &maxlen, &maxkey); + fprintf (outfil, canned2, maxlen, maxkey); + wmlOutputUilKeyTabBody (outfil, wml_tok_insens_ptr, &maxlen, &maxkey); +-fprintf (outfil, canned3); ++fprintf (outfil, "%s", canned3); + + /* + * close the output file +@@ -812,8 +812,8 @@ + printf ("\nCouldn't open UilTokName.h"); + return; + } +-fprintf (outfil, canned_warn); +-fprintf (outfil, canned1); ++fprintf (outfil, "%s", canned_warn); ++fprintf (outfil, "%s", canned1); + + /* + * Print the token name entries +--- a/tools/wml/wmloutmm.c ++++ b/tools/wml/wmloutmm.c +@@ -209,9 +209,9 @@ + /* + * Write out header information + */ +-fprintf (outfil, canned1); ++fprintf (outfil, "%s", canned1); + fprintf (outfil, "%s\n", name); +-fprintf (outfil, canned2); ++fprintf (outfil, "%s", canned2); + + /* + * Alphabetize the controls, reason, and argument lists +@@ -287,7 +287,7 @@ + else + fprintf (outfil, "\n"); + } +-fprintf (outfil, canned3); ++fprintf (outfil, "%s", canned3); + + /* + * Write out the argument table +@@ -323,7 +323,7 @@ + } + argndx += 1; + } +-fprintf (outfil, canned4); ++fprintf (outfil, "%s", canned4); + + } + |