From c9c1e26106478258d8a91fe8fc5c69d8c3fa5206 Mon Sep 17 00:00:00 2001 From: Mark Janes Date: Mon, 3 Jun 2019 16:59:45 -0700 Subject: [PATCH] mesa: prevent common string formatting security issues Adds a compile-time error for obvious security issues like: printf(string_var); The proposed flag is more tolerant than -Wformat-nonliteral. Specifically, it tolerates common mesa formatting like: static const char *shader_template = "really long string %d"; printf(shader_template, uniform_number); Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=110833 Reviewed-by: Eric Anholt Reviewed-by: Eric Engestrom --- meson.build | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/meson.build b/meson.build index 1d32d909c95..949ab970089 100644 --- a/meson.build +++ b/meson.build @@ -849,6 +849,8 @@ c_args = [] foreach a : ['-Werror=implicit-function-declaration', '-Werror=missing-prototypes', '-Werror=return-type', '-Werror=incompatible-pointer-types', + '-Werror=format', + '-Wformat-security', '-fno-math-errno', '-fno-trapping-math', '-Qunused-arguments'] if cc.has_argument(a) @@ -870,6 +872,8 @@ endif # Check for generic C++ arguments cpp_args = [] foreach a : ['-Werror=return-type', + '-Werror=format', + '-Wformat-security', '-fno-math-errno', '-fno-trapping-math', '-Qunused-arguments'] if cpp.has_argument(a) -- 2.30.2