Bug 912992

Summary:	[games-emulation/duckstation-9999] src/util/cd_image_chd.cpp Trips format-security Flag
Product:	GURU	Reporter:	Neko-san <gentoo.qxrin>
Component:	Package issues	Assignee:	Haelwenn (lanodan) Monnier <contact>
Status:	RESOLVED UPSTREAM
Severity:	minor	CC:	alex
Priority:	Normal
Version:	unspecified
Hardware:	AMD64
OS:	Linux
Whiteboard:
Package list:		Runtime testing required:	---
Attachments:	Emerge Info and Build Log

Description Neko-san 2023-08-25 09:08:20 UTC

This isn't "technically" too big of a deal, but do correct me if I'm wrong because I'm not an expert on how security memory exploits work for C++, but there's at least one instance of -Werror=format-security in "src/util/cd_image_chd.cpp" being tripped on line 163.

Of course, this only doesn't happen if you don't build with this flag but I do because I generally keep an eye out for this stuff where I can. This isn't the first time I've caught upstream making this specific error either, but they aren't very receptive to open-source behavior on this particular project (it's locked/restricted) either, so it's not even possible to mention issues there.

Reproducible: Always

Steps to Reproduce:
1.Add "-Wformat -Werror=format-security" to CFLAGS
2.emerge duckstation
Actual Results:  
Build fails due to a format security error

Expected Results:  
Build to succeed without such an issue

Comment 1 Neko-san 2023-08-25 09:08:53 UTC

Created attachment 868674 [details]
Emerge Info and Build Log

Comment 2 Alex Barker 2023-10-27 05:52:53 UTC

I am unable to currently reproduce this problem. It may have been resolved upstream.

Comment 3 Sam James archtester

2023-10-28 04:55:02 UTC

Fixed in https://github.com/stenzek/duckstation/commit/9112b6a850bffb43169a2275ca895863bf1d199c, I think.