View Full Version : gtk_message_dialog_new showing literal warning!



Ravi Raj
05-15-2012, 07:16 AM
Hello friends,

Please have a look at the code below:


void
error_message(const gchar* message)
{
    GtkWidget *dialog;

    g_warning("%s", message);

    dialog = gtk_message_dialog_new(NULL,
                                    GTK_DIALOG_MODAL | GTK_DIALOG_DESTROY_WITH_PARENT,
                                    GTK_MESSAGE_ERROR, GTK_BUTTONS_OK,
                                    message);

    gtk_window_set_title(GTK_WINDOW(dialog), "Program Error!");
    gtk_dialog_run(GTK_DIALOG(dialog));
    gtk_widget_destroy(dialog);
}

The above given code is showing the following error:

warning: format not a string literal and no format arguments [-Wformat-security]
in line:

dialog = gtk_message_dialog_new(NULL, GTK_DIALOG_MODAL | GTK_DIALOG_DESTROY_WITH_PARENT, GTK_MESSAGE_ERROR, GTK_BUTTONS_OK, message);
near 'message' variable, I don't know where I am wrong.
Please help.

Salem
05-15-2012, 07:23 AM
It's warning you that you're doing basically the same as this



void foo ( char *message ) {
    printf(message);
}

If this code is called with a string containing % characters, then it is well and truly broken.
Get the right mix of % formats, and all sorts of really bad things happen (look up format string attacks on the web).

Instead, consider doing something like


dialog = gtk_message_dialog_new(NULL,
                                GTK_DIALOG_MODAL | GTK_DIALOG_DESTROY_WITH_PARENT,
                                GTK_MESSAGE_ERROR, GTK_BUTTONS_OK,
                                "%s", message);

Ravi Raj
05-15-2012, 09:30 AM
That solved my problem.
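
Added example, not code from any poster in this thread: a GTK-free sketch of why the "%s" form is the safe one. `dialog_text`, `count_conversions` and `renders_literally` are hypothetical names, `dialog_text` only mimics the printf-style tail of gtk_message_dialog_new, and the sample message is constructed.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for gtk_message_dialog_new(): like the GTK call, the
 * last fixed parameter is a printf-style format followed by its arguments.
 * The attribute lets GCC/Clang check callers and emit -Wformat-security. */
__attribute__((format(printf, 3, 4)))
static int dialog_text(char *out, size_t size, const char *message_format, ...)
{
    va_list args;
    va_start(args, message_format);
    int written = vsnprintf(out, size, message_format, args);
    va_end(args);
    return written;
}

/* Count the conversion specifications printf would try to consume arguments
 * for if `s` were passed as the format itself ("%%" is a literal percent). */
static int count_conversions(const char *s)
{
    int count = 0;
    for (; *s != '\0'; s++) {
        if (*s != '%')
            continue;
        if (s[1] == '%')
            s++;            /* escaped percent, consumes no argument */
        else
            count++;        /* directive that expects a matching argument */
    }
    return count;
}

/* The fixed call shape from the thread: constant "%s" format, untrusted text
 * passed only as data. Returns 1 when the text is rendered unchanged. */
static int renders_literally(const char *message)
{
    char buf[256];
    int written = dialog_text(buf, sizeof buf, "%s", message);
    return written == (int)strlen(message) && strcmp(buf, message) == 0;
}

int main(void)
{
    const char *message = "Cannot open report%d_%s.txt: 100%% failed"; /* constructed sample */
    printf("directives if used as format: %d\n", count_conversions(message));
    printf("rendered literally via \"%%s\": %d\n", renders_literally(message));
    return 0;
}
```

Building with `-Wformat -Wformat-security` and changing the call in `renders_literally` to pass `message` as the format reproduces the warning from the first post.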