[cpl-plugin-sinfo] 07/42: fix format security errors
Ole Streicher
olebole-guest at alioth.debian.org
Mon Sep 16 11:16:18 UTC 2013
This is an automated email from the git hooks/post-receive script.
olebole-guest pushed a commit to branch debian
in repository cpl-plugin-sinfo.
commit c870cfe99c759486f98e1e2e792e64a795910512
Author: Ole Streicher <debian at liska.ath.cx>
Date: Tue Jan 8 09:27:09 2013 +0100
fix format security errors
---
debian/patches/format_security.patch | 254 ++++++++++++++++++++++++++++++++++
debian/patches/series | 1 +
2 files changed, 255 insertions(+)
diff --git a/debian/patches/format_security.patch b/debian/patches/format_security.patch
new file mode 100644
index 0000000..724cbc8
--- /dev/null
+++ b/debian/patches/format_security.patch
@@ -0,0 +1,254 @@
+--- a/sinfoni/sinfo_rec_utils.c
++++ b/sinfoni/sinfo_rec_utils.c
+@@ -265,7 +265,7 @@
+ basename(sky_name)); */
+ snprintf(fake_sky_name,MAX_NAME_SIZE-1,"%s%d%s","out_fake_sky",i,".fits");
+ } else {
+- snprintf(fake_sky_name, MAX_NAME_SIZE-1,sky_name) ;
++ snprintf(fake_sky_name, MAX_NAME_SIZE-1,"%s", sky_name) ;
+ }
+
+ check_nomsg(sky_ima=cpl_image_load(sky_name,CPL_TYPE_FLOAT,0,0));
+@@ -463,7 +463,7 @@
+ "fake_",basename(sky_name)); */
+ snprintf(fake_sky_name,MAX_NAME_SIZE-1,"%s%d%s","out_fake_sky",i,".fits");
+ } else {
+- snprintf(fake_sky_name, MAX_NAME_SIZE-1,sky_name) ;
++ snprintf(fake_sky_name, MAX_NAME_SIZE-1, "%s", sky_name) ;
+ }
+
+ check_nomsg(sky_ima=cpl_image_load(sky_name,CPL_TYPE_FLOAT,0,0));
+--- a/sinfoni/sinfo_objnod_ini_by_cpl.c
++++ b/sinfoni/sinfo_objnod_ini_by_cpl.c
+@@ -228,7 +228,7 @@
+ strcpy(cfg -> wavemap, cpl_frame_get_filename(frame));
+ } else {
+ sinfo_msg("Frame %s not found!", PRO_WAVE_MAP);
+- sinfo_msg_error((char* ) cpl_error_get_message());
++ sinfo_msg_error("%s", (char* ) cpl_error_get_message());
+ (*status)++;
+ return ;
+ }
+@@ -238,7 +238,7 @@
+ strcpy(cfg -> mflat, cpl_frame_get_filename(frame));
+ } else {
+ sinfo_msg("Frame %s not found!", PRO_MASTER_FLAT_LAMP);
+- sinfo_msg_error((char* ) cpl_error_get_message());
++ sinfo_msg_error("%s", (char* ) cpl_error_get_message());
+ (*status)++;
+ return ;
+ }
+--- a/sinfoni/sinfo_dfs.c
++++ b/sinfoni/sinfo_dfs.c
+@@ -1734,8 +1734,8 @@
+ int sinfo_check_rec_status(const int val) {
+ if(cpl_error_get_code() != CPL_ERROR_NONE) {
+ sinfo_msg_error("error before %d",val);
+- sinfo_msg_error((char* ) cpl_error_get_message());
+- sinfo_msg_error((char* ) cpl_error_get_where());
++ sinfo_msg_error("%s", (char* ) cpl_error_get_message());
++ sinfo_msg_error("%s", (char* ) cpl_error_get_where());
+ return -1;
+ }
+ return 0;
+--- a/sinfoni/sinfo_pro_save.c
++++ b/sinfoni/sinfo_pro_save.c
+@@ -165,16 +165,16 @@
+ cpl_propertylist * plist =NULL;
+ if ((plist = cpl_propertylist_load(file, 0)) == NULL) {
+ sinfo_msg_error( "getting header from file %s",file);
+- sinfo_msg_error((char* ) cpl_error_get_message());
+- sinfo_msg_error((char* ) cpl_error_get_where());
++ sinfo_msg_error("%s", (char* ) cpl_error_get_message());
++ sinfo_msg_error("%s", (char* ) cpl_error_get_where());
+ cpl_propertylist_delete(plist) ;
+ return -1 ;
+ }
+
+ if (CPL_ERROR_NONE!=cpl_propertylist_set_float(plist,card,value)){
+ sinfo_msg_error( "setting header of file %s",file);
+- sinfo_msg_error((char* ) cpl_error_get_message());
+- sinfo_msg_error((char* ) cpl_error_get_where());
++ sinfo_msg_error("%s", (char* ) cpl_error_get_message());
++ sinfo_msg_error("%s", (char* ) cpl_error_get_where());
+ cpl_propertylist_delete(plist) ;
+ return -1 ;
+ }
+@@ -858,7 +858,7 @@
+ if(cpl_dfs_setup_product_header(*plist,product_frame,ref_set,parlist,recid,
+ pipe_id,KEY_VALUE_HPRO_DID,NULL) != CPL_ERROR_NONE) {
+ sinfo_msg_warning("Problem in the product DFS-compliance");
+- sinfo_msg_warning((char* ) cpl_error_get_message());
++ sinfo_msg_warning("%s", (char* ) cpl_error_get_message());
+ cpl_errorstate_dump(initial_errorstate, CPL_FALSE, NULL);
+ cpl_error_reset();
+ }
+@@ -885,7 +885,7 @@
+ tmp = sinfo_new_get_rootname(in);
+ strcpy(name_b,tmp);
+ } else {
+- snprintf(name_b, MAX_NAME_SIZE-1,in) ;
++ snprintf(name_b, MAX_NAME_SIZE-1,"%s", in) ;
+ }
+ strcpy(*ou,name_b);
+ if (type == CPL_FRAME_TYPE_TABLE) {
+--- a/sinfoni/sinfo_wcal_functions.c
++++ b/sinfoni/sinfo_wcal_functions.c
+@@ -100,7 +100,7 @@
+ fp=cpl_table_load(filename,1,0);
+ if(cpl_error_get_code() != CPL_ERROR_NONE) {
+ sinfo_msg("cannot load table %s",filename);
+- sinfo_msg_error((char* ) cpl_error_get_message());
++ sinfo_msg_error("%s", (char* ) cpl_error_get_message());
+ return -1;
+ }
+
+--- a/sinfoni/sinfo_new_slit_pos.c
++++ b/sinfoni/sinfo_new_slit_pos.c
+@@ -174,7 +174,7 @@
+ cfg->slitposIndicator=1;
+ }
+ if(cpl_error_get_code() != CPL_ERROR_NONE) {
+- sinfo_msg_error((char* ) cpl_error_get_message());
++ sinfo_msg_error("%s", (char* ) cpl_error_get_message());
+ sinfo_qc_wcal_delete(&qc);
+ return -1;
+ }
+@@ -239,7 +239,7 @@
+ /*---open the line list and read the number of lines---*/
+
+ if(cpl_error_get_code() != CPL_ERROR_NONE) {
+- sinfo_msg_error((char* ) cpl_error_get_message());
++ sinfo_msg_error("%s", (char* ) cpl_error_get_message());
+ sinfo_qc_wcal_delete(&qc);
+ return -1;
+ }
+@@ -247,14 +247,14 @@
+ tbl_line_list_name=cfg->lineList;
+ tbl_line_list = cpl_table_load(tbl_line_list_name,1,0);
+ if(cpl_error_get_code() != CPL_ERROR_NONE) {
+- sinfo_msg_error((char* ) cpl_error_get_message());
++ sinfo_msg_error("%s", (char* ) cpl_error_get_message());
+ sinfo_qc_wcal_delete(&qc);
+ return -1;
+ }
+ n = cpl_table_get_nrow(tbl_line_list);
+ n_lines = n;
+ if(cpl_error_get_code() != CPL_ERROR_NONE) {
+- sinfo_msg_error((char* ) cpl_error_get_message());
++ sinfo_msg_error("%s", (char* ) cpl_error_get_message());
+ sinfo_qc_wcal_delete(&qc);
+ return -1;
+ }
+@@ -271,14 +271,14 @@
+
+ wave = cpl_table_get_data_float(tbl_line_list,"wave");
+ if(cpl_error_get_code() != CPL_ERROR_NONE) {
+- sinfo_msg_error((char* ) cpl_error_get_message());
++ sinfo_msg_error("%s", (char* ) cpl_error_get_message());
+ sinfo_qc_wcal_delete(&qc);
+ return -1;
+ }
+
+ intens = cpl_table_get_data_float(tbl_line_list,"int");
+ if(cpl_error_get_code() != CPL_ERROR_NONE) {
+- sinfo_msg_error((char* ) cpl_error_get_message());
++ sinfo_msg_error("%s", (char* ) cpl_error_get_message());
+ sinfo_qc_wcal_delete(&qc);
+ return -1;
+ }
+@@ -571,7 +571,7 @@
+ tbl_wcal = cpl_table_load(tbl_name,1,0);
+ if(cpl_error_get_code() != CPL_ERROR_NONE) {
+ sinfo_msg("cannot load table %s",tbl_name);
+- sinfo_msg_error((char* ) cpl_error_get_message());
++ sinfo_msg_error("%s", (char* ) cpl_error_get_message());
+ sinfo_qc_wcal_delete(&qc);
+ return -1;
+ }
+@@ -583,7 +583,7 @@
+ }
+ if(cpl_error_get_code() != CPL_ERROR_NONE) {
+ sinfo_msg("cannot read table %s",tbl_name);
+- sinfo_msg_error((char* ) cpl_error_get_message());
++ sinfo_msg_error("%s", (char* ) cpl_error_get_message());
+ sinfo_qc_wcal_delete(&qc);
+ return -1;
+ }
+--- a/sinfoni/sinfo_utilities.c
++++ b/sinfoni/sinfo_utilities.c
+@@ -760,7 +760,7 @@
+ if ((iset = sinfo_new_imagelist_load_frameset(fset,
+ CPL_TYPE_FLOAT, 0, 0)) == NULL) {
+ sinfo_msg_error( "Cannot load *** the image set") ;
+- sinfo_msg_error((char* ) cpl_error_get_message());
++ sinfo_msg_error("%s", (char* ) cpl_error_get_message());
+
+ cpl_free(filenames) ;
+ return NULL ;
+--- a/sinfoni/sinfo_utilities_scired.c
++++ b/sinfoni/sinfo_utilities_scired.c
+@@ -443,14 +443,14 @@
+ /*READ TFITS TABLE*/
+ if(cpl_error_get_code() != CPL_ERROR_NONE) {
+ sinfo_msg_error("Before loading input table");
+- sinfo_msg_error((char* ) cpl_error_get_message());
++ sinfo_msg_error("%s", (char* ) cpl_error_get_message());
+ return NULL;
+ }
+ strcpy(tbl_distances_name,distlist);
+ tbl_distances = cpl_table_load(tbl_distances_name,1,0);
+ if(cpl_error_get_code() != CPL_ERROR_NONE) {
+ sinfo_msg_error("loading input table %s",tbl_distances_name);
+- sinfo_msg_error((char* ) cpl_error_get_message());
++ sinfo_msg_error("%s", (char* ) cpl_error_get_message());
+ return NULL;
+ }
+
+@@ -459,7 +459,7 @@
+ if(cpl_error_get_code() != CPL_ERROR_NONE) {
+ sinfo_msg_error("reading col %s from table %s","slitlet_distance",
+ tbl_distances_name);
+- sinfo_msg_error((char* ) cpl_error_get_message());
++ sinfo_msg_error("%s", (char* ) cpl_error_get_message());
+ return NULL;
+ }
+ sinfo_new_array_set_value(distances,tmp_float,i);
+@@ -498,7 +498,7 @@
+ tbl_slitpos = cpl_table_load(tbl_slitpos_name,1,0);
+ if(cpl_error_get_code() != CPL_ERROR_NONE) {
+ sinfo_msg_error("error loading tbl %s",tbl_slitpos_name);
+- sinfo_msg_error((char* ) cpl_error_get_message());
++ sinfo_msg_error("%s", (char* ) cpl_error_get_message());
+ return NULL;
+ }
+ n = cpl_table_get_nrow(tbl_slitpos);
+@@ -512,7 +512,7 @@
+ edge_y=cpl_table_get_double(tbl_slitpos,"pos2",i,status);
+ if(cpl_error_get_code() != CPL_ERROR_NONE) {
+ sinfo_msg_error("error reading tbl %s row %d",tbl_slitpos_name,i);
+- sinfo_msg_error((char* ) cpl_error_get_message());
++ sinfo_msg_error("%s", (char* ) cpl_error_get_message());
+ return NULL;
+ }
+ sinfo_new_array2D_set_value(slit_edges,edge_x,i,0);
+@@ -521,7 +521,7 @@
+ cpl_table_delete(tbl_slitpos);
+ if(cpl_error_get_code() != CPL_ERROR_NONE) {
+ sinfo_msg_error("error reading tbl %s",tbl_slitpos_name);
+- sinfo_msg_error((char* ) cpl_error_get_message());
++ sinfo_msg_error("%s", (char* ) cpl_error_get_message());
+ return NULL;
+ }
+
+--- a/recipes/sinfo_rec_distortion.c
++++ b/recipes/sinfo_rec_distortion.c
+@@ -793,7 +793,7 @@
+ if( (img = cpl_imagelist_collapse_minmax_create(imset_tot,
+ lo_cut,hi_cut)) == NULL) {
+ sinfo_msg_error("Error code");
+- sinfo_msg_error((char* ) cpl_error_get_message());
++ sinfo_msg_error("%s", (char* ) cpl_error_get_message());
+ cpl_imagelist_delete(imset_tot);
+ cpl_frameset_delete(sof);
+ cpl_propertylist_delete(plist) ;
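Review bot: The three `snprintf` calls that gain a `"%s"` format (sinfo_rec_utils.c at -265 and -463, sinfo_pro_save.c at -885) still discard the return value, so a `sky_name` or `in` that does not fit in `MAX_NAME_SIZE-1` bytes is truncated without any message; in sinfo_pro_save.c the truncated `name_b` is then passed on through an unbounded `strcpy(*ou,name_b)`. While touching these lines the patch could test the result, e.g. `if (snprintf(name_b, MAX_NAME_SIZE-1, "%s", in) >= MAX_NAME_SIZE-1) sinfo_msg_warning("file name truncated: %s", in);`, with the error path left to each function's convention, since the enclosing functions and the buffer declarations are outside the hunks. The `(char* )` casts on `cpl_error_get_message()` and `cpl_error_get_where()` are no longer needed once the value is a `%s` argument and could be dropped, assuming those functions return `const char *` as in CPL. The patch file also starts without a header; a short DEP-3 block (`Description:`, `Author:`, `Forwarded:`) at the top would record why the change exists and whether it was sent upstream.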
diff --git a/debian/patches/series b/debian/patches/series
index e2c2220..3306368 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1,3 +1,4 @@
libadd_cpl.patch
set_plugindir.patch
use-std-paths-for-cpl.patch
+format_security.patch
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/debian-science/packages/cpl-plugin-sinfo.git