Re: [PATCH net 3/4] selftests/tcp_ao: Fix fscanf() call for format-security
From: Dmitry Safonov
Date: Fri Apr 12 2024 - 21:50:28 EST
On Sat, 13 Apr 2024 at 02:43, Dmitry Safonov via B4 Relay
<devnull+0x7f454c46.gmail.com@xxxxxxxxxx> wrote:
>
> From: Dmitry Safonov <0x7f454c46@xxxxxxxxx>
>
> On my new laptop with packages from nixos-unstable, gcc 12.3.0 produces:
> > lib/proc.c: In function ‘netstat_read_type’:
> > lib/proc.c:89:9: error: format not a string literal and no format arguments [-Werror=format-security]
> > 89 | if (fscanf(fnetstat, type->header_name) == EOF)
> > | ^~
> > cc1: some warnings being treated as errors
>
> Here the selftests lib parses header name, while expectes non-space word
> ending with a column.
>
> Fixes: cfbab37b3da0 ("selftests/net: Add TCP-AO library")
> Signed-off-by: Dmitry Safonov <0x7f454c46@xxxxxxxxx>
Actually, now I see that it was also reported, adding
Reported-by: Muhammad Usama Anjum <usama.anjum@xxxxxxxxxxxxx>
Link: https://lore.kernel.org/all/0c6d4f0d-2064-4444-986b-1d1ed782135f@xxxxxxxxxxxxx/
--
Dmitry