Now compiling with -Werror=format-security if supported by compiler. R…

…esolves #57. Added --long to git describe. Resolves #56. * feature/ISSUE57-FormatSecurity: Updated NEWS.md. configure.ac: Added -Wformat -Wformat-security and -Werror=format-security to AM_CXXFLAGS, if compiler supports it. Makefile.am: Added --long option to git describe. Resolves #56. ArgParse.cpp: Changed fprintf() to fputs() to print a non-literal but const string. Added -Werror=format-security to configure.ac.
gvansickle · Feb 9, 2016 · 5241710 · 5241710
2 parents 33115d9 + 617543a
commit 5241710
Show file tree

Hide file tree

Showing 4 changed files with 8 additions and 4 deletions.
diff --git a/Makefile.am b/Makefile.am
@@ -53,7 +53,7 @@ build_info.cpp: FORCE verify-provenance
 		GIT_DESCRIBE=$$(cat $(top_srcdir)/.tarball-version); \
 	elif (which git && cd $(top_srcdir) && git describe > /dev/null); then \
 		: We are building from a git repo. ; \
-		GIT_DESCRIBE="$$(cd $(top_srcdir) && git describe --dirty)"; \
+		GIT_DESCRIBE="$$(cd $(top_srcdir) && git describe --long --dirty)"; \
 	else GIT_DESCRIBE="unknown"; \
 	fi; \
 	echo "const char *g_git_describe = \"$${GIT_DESCRIBE}\";" >> "$@"
@@ -74,7 +74,7 @@ verify-provenance:
 	fi;
 
 dist-hook:
-	echo -n "$$(cd $(top_srcdir) && git describe --dirty | tr -d '\r\n')-tarball"  > "$(distdir)/.tarball-version"
+	echo -n "$$(cd $(top_srcdir) && git describe --long --dirty | tr -d '\r\n')-tarball"  > "$(distdir)/.tarball-version"
 
 ucg_CPPFLAGS = -I $(top_srcdir)/src \
 	$(BOOST_TR1_CPPFLAGS) $(BOOST_CPPFLAGS) \

diff --git a/NEWS.md b/NEWS.md
@@ -6,7 +6,7 @@
 Minor bugfix/feature release of UniversalCodeGrep (ucg).
 
 ### Added
-- Added auto-versioning support, improved --version output to display built-from vcs/tarball info, compiler version, libpcre version and info.  Resolves #4.
+- Added auto-versioning support, improved --version output to display built-from vcs/tarball info, compiler version, libpcre version and info.  Resolves #4, #56.
 - Added performance test vs. grep on Boost --cpp files with regex 'BOOST.*HPP' to testsuite.
 - Added color-vs-file and color-vs-tty tests to the testsuite.
 - Performance test suite now captures version info of the programs that are being compared.  Resolves #22.
@@ -21,6 +21,8 @@ Minor bugfix/feature release of UniversalCodeGrep (ucg).
 - Fixed extra newline at the start of tty output.  Resolves #50.
 - Merged pull request #54 from ismail/clang-fix: Add sstream include to fix compilation with clang with libc++.
 
+### Security
+- Now compiling with -Wformat, -Wformat-security, -Werror=format-security if compiler supports it.  Resolves #57.
 
 ## [0.2.0] - 2015-12-28
 - No news yet.
diff --git a/configure.ac b/configure.ac
@@ -177,6 +177,8 @@ AS_IF([test -n $CXX11_FLAG],
 # Boost generates a ton of these warnings.
 AX_APPEND_COMPILE_FLAGS([-Wno-unused-local-typedefs], [AM_CXXFLAGS])
 AX_APPEND_COMPILE_FLAGS([-pthread], [AM_CXXFLAGS])
+AX_APPEND_COMPILE_FLAGS([-Wformat -Wformat-security],[AM_CXXFLAGS])
+AX_APPEND_COMPILE_FLAGS(['-Werror=format-security'],[AM_CXXFLAGS],[-Wformat -Wformat-security])
 # Put this back in to help with profiling.
 #AX_APPEND_COMPILE_FLAGS([-fno-omit-frame-pointer], [AM_CXXFLAGS])
 AC_LANG_POP([C++])

diff --git a/src/ArgParse.cpp b/src/ArgParse.cpp
@@ -343,7 +343,7 @@ void ArgParse::Parse(int argc, char **argv)
 void ArgParse::PrintVersionText(FILE* stream, struct argp_state* state)
 {
 	// Print the version string and copyright notice.
-	std::fprintf(stream, argp_program_version);
+	std::fputs(argp_program_version, stream);
 
 	// In addition, we want to print the compiler/version we were built with, the libpcre version and some other info on it,
 	// and any source control version info we can get.