From 1240720e27232fdb199a4da93ca6705864442026 Mon Sep 17 00:00:00 2001
From: Sergei Trofimovich
Date: Wed, 17 Nov 2021 09:05:46 +0000
Subject: [PATCH] always use "%s"-style format for printf()-style functions

`ncuses-6.3` added printf-style function attributes and now makes it easier to catch cases when user input is used in palce of format string when built with CFLAGS=-Werror=format-security:
musikcube/cursespp/cursespp/curses_config.h:54:36: error: format not a string literal and no format arguments [-Werror=format-security]
 54 | if (window && format) { wprintw(window, format, ##__VA_ARGS__); }
 | ~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
musikcube/src/musikcube/app/window/TransportWindow.cpp:640:5: note: in expansion of macro 'checked_wprintw'
 640 | checked_wprintw(c, shuffleLabel.c_str(
Let's wrap all the missing places with "%s" format.
---
 src/musikcube/app/window/TransportWindow.cpp | 10 +++++-----
 src/musikcube/cursespp/DialogOverlay.cpp | 4 ++--
 src/musikcube/cursespp/InputOverlay.cpp | 2 +-
 src/musikcube/cursespp/ListOverlay.cpp | 2 +-
 src/musikcube/cursespp/ShortcutsWindow.cpp | 4 ++--
 src/musikcube/cursespp/ToastOverlay.cpp | 2 +-
 6 files changed, 12 insertions(+), 12 deletions(-)
diff --git a/src/musikcube/app/window/TransportWindow.cpp b/src/musikcube/app/window/TransportWindow.cpp
index 2b30ceba8..8de1985e9 100755
--- a/src/musikcube/app/window/TransportWindow.cpp
+++ b/src/musikcube/app/window/TransportWindow.cpp
@@ -331,7 +331,7 @@ static size_t writePlayingFormat(
 }
 ON(w, attr);
- checked_wprintw(w, value.c_str());
+ checked_wprintw(w, "%s", value.c_str());
 OFF(w, attr);
 remaining -= cols;
@@ -623,7 +623,7 @@ void TransportWindow::Update(TimeMode timeMode) {
 if (stopped && !this->buffering) {
 ON(c, disabled);
- checked_wprintw(c, Strings.STOPPED.c_str());
+ checked_wprintw(c, "%s", Strings.STOPPED.c_str());
 displayCache->Reset();
 OFF(c, disabled);
 }
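Review bot: The `checked_wprintw(w, "%s", value.c_str())` line in writePlayingFormat is protected only at this call site; the macro quoted in the commit message still forwards any `format` to `wprintw`, and the diagnostic fired only because the reporter built with `-Werror=format-security`. `value` appears to carry text expanded for the now-playing line (inferred from the function name; its origin is outside the hunk), so a `%` conversion inside it would previously have been interpreted with no matching arguments. I would make `-Werror=format-security` part of the project's own compile flags so a new non-literal format fails the build. The same reasoning covers the other call sites changed in TransportWindow::Update, DialogOverlay, InputOverlay, ListOverlay, ShortcutsWindow and ToastOverlay. writePlayingFormat starts and ends outside the hunk.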
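Review bot: The label writes in TransportWindow::Update (`Strings.STOPPED` in this hunk, and `shuffleLabel`, `volume` and `repeatModeLabel` in the later ones) format nothing, so a printf-style call is more machinery than they need. A guarded `if (c) { waddstr(c, Strings.STOPPED.c_str()); }` prints the string verbatim and leaves no format argument to get wrong. If the null check from `checked_wprintw` should stay in one place, a sibling macro wrapping `waddstr` would keep it there. Update's body starts and ends outside the hunk.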
@@ -637,7 +637,7 @@ void TransportWindow::Update(TimeMode timeMode) {
 wmove(c, 0, shuffleOffset);
 Color const shuffleAttrs = this->playback.IsShuffled() ? gb : disabled;
 ON(c, shuffleAttrs);
- checked_wprintw(c, shuffleLabel.c_str());
+ checked_wprintw(c, "%s", shuffleLabel.c_str());
 OFF(c, shuffleAttrs);
 this->shufflePos.Set(shuffleOffset, (int) shuffleWidth);
@@ -756,7 +756,7 @@ void TransportWindow::Update(TimeMode timeMode) {
 wmove(c, 1, 0); /* move cursor to the second line */
 ON(c, volumeAttrs);
- checked_wprintw(c, volume.c_str());
+ checked_wprintw(c, "%s", volume.c_str());
 OFF(c, volumeAttrs);
 if (replayGainEnabled) {
@@ -778,7 +778,7 @@ void TransportWindow::Update(TimeMode timeMode) {
 ON(c, repeatAttrs);
 this->repeatPos.Set(getcurx(c), (int) u8cols(repeatModeLabel));
- checked_wprintw(c, repeatModeLabel.c_str());
+ checked_wprintw(c, "%s", repeatModeLabel.c_str());
 OFF(c, repeatAttrs);
 this->Invalidate();
diff --git a/src/musikcube/cursespp/DialogOverlay.cpp b/src/musikcube/cursespp/DialogOverlay.cpp
index 73898be20..691f4acdf 100644
--- a/src/musikcube/cursespp/DialogOverlay.cpp
+++ b/src/musikcube/cursespp/DialogOverlay.cpp
@@ -226,7 +226,7 @@ void DialogOverlay::Redraw() {
 if (this->title.size()) {
 wmove(c, currentY, currentX);
 wattron(c, A_BOLD);
- checked_wprintw(c, text::Ellipsize(this->title, this->width - 4).c_str());
+ checked_wprintw(c, "%s", text::Ellipsize(this->title, this->width - 4).c_str());
 wattroff(c, A_BOLD);
 currentY += 2;
 }
@@ -234,7 +234,7 @@ void DialogOverlay::Redraw() {
 if (this->message.size()) {
 for (size_t i = 0; i < messageLines.size(); i++) {
 wmove(c, currentY, currentX);
- checked_wprintw(c, this->messageLines.at(i).c_str());
+ checked_wprintw(c, "%s", this->messageLines.at(i).c_str());
 ++currentY;
 }
 }
diff --git a/src/musikcube/cursespp/InputOverlay.cpp b/src/musikcube/cursespp/InputOverlay.cpp
index ee0470348..9019f8e71 100644
--- a/src/musikcube/cursespp/InputOverlay.cpp
+++ b/src/musikcube/cursespp/InputOverlay.cpp
@@ -203,7 +203,7 @@ void InputOverlay::Redraw() {
 if (this->title.size()) {
 wmove(c, 0, 1);
 wattron(c, A_BOLD);
- checked_wprintw(c, text::Align(this->title, text::AlignCenter, this->width - 4).c_str());
+ checked_wprintw(c, "%s", text::Align(this->title, text::AlignCenter, this->width - 4).c_str());
 wattroff(c, A_BOLD);
 }
 }
diff --git a/src/musikcube/cursespp/ListOverlay.cpp b/src/musikcube/cursespp/ListOverlay.cpp
index 82c8e9be8..e2dc3c22e 100644
--- a/src/musikcube/cursespp/ListOverlay.cpp
+++ b/src/musikcube/cursespp/ListOverlay.cpp
@@ -328,7 +328,7 @@ void ListOverlay::UpdateContents() {
 if (this->title.size()) {
 wmove(c, currentY, currentX);
 wattron(c, A_BOLD);
- checked_wprintw(c, text::Align(this->title, text::AlignCenter, this->width - 4).c_str());
+ checked_wprintw(c, "%s", text::Align(this->title, text::AlignCenter, this->width - 4).c_str());
 wattroff(c, A_BOLD);
 currentY += 2;
 }
diff --git a/src/musikcube/cursespp/ShortcutsWindow.cpp b/src/musikcube/cursespp/ShortcutsWindow.cpp
index f34576e0e..d7a777548 100755
--- a/src/musikcube/cursespp/ShortcutsWindow.cpp
+++ b/src/musikcube/cursespp/ShortcutsWindow.cpp
@@ -236,7 +236,7 @@ void ShortcutsWindow::OnRedraw() {
 }
 wattron(c, keyAttrs);
- checked_wprintw(c, key.c_str());
+ checked_wprintw(c, "%s", key.c_str());
 wattroff(c, keyAttrs);
 remaining -= len;
@@ -252,7 +252,7 @@ void ShortcutsWindow::OnRedraw() {
 len = remaining;
 }
- checked_wprintw(c, value.c_str());
+ checked_wprintw(c, "%s", value.c_str());
 remaining -= len;
 }
 }
diff --git a/src/musikcube/cursespp/ToastOverlay.cpp b/src/musikcube/cursespp/ToastOverlay.cpp
index 0143f3a78..0bfb1aeab 100644
--- a/src/musikcube/cursespp/ToastOverlay.cpp
+++ b/src/musikcube/cursespp/ToastOverlay.cpp
@@ -115,6 +115,6 @@ void ToastOverlay::OnRedraw() {
 for (int i = 0; i < (int) this->titleLines.size(); i++) {
 wmove(c, i, 1);
- checked_wprintw(c, text::Ellipsize(this->titleLines[i], this->width - 4).c_str());
+ checked_wprintw(c, "%s", text::Ellipsize(this->titleLines[i], this->width - 4).c_str());
 }
 }