Wednesday, July 29, 2009

format not a string literal and no format arguments

Some time ago GCC started producing warnings like this:

warning: format not a string literal and no format arguments

What does this mean? GCC is saying that a printf-style function has been given a format string that it cannot check against the format arguments. Here is some common GLib code that causes this warning:

GError *error = ...;

Why is this a problem? Because error->message cannot be checked, it may contain a printf conversion sequence, e.g. "Invalid data: 'g^y#%s'" (i.e. %s), that would cause the run-time to try to access a non-existent argument. It could be worse: the format string could be user input that is attempting to exploit your program.

So the solution is to always use a string literal for formatting like this:

g_error("%s", error->message);
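The same fix without GLib, as an added example that is not code from the original post: log_msg() is a hypothetical stand-in for g_error(), and count_conversions() and SAMPLE are names made up here. It shows how many directives printf would act on if the message were used as the format, and that passing it as data behind "%s" logs it verbatim.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for a printf-style logger such as g_error().
 * The format attribute is what lets GCC check the calls made to it. */
__attribute__((format(printf, 3, 4)))
static int log_msg(char *out, size_t len, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(out, len, fmt, ap);
    va_end(ap);
    return n;
}

/* Count the '%' directives printf would act on if s were the format.
 * Each one makes printf fetch an argument the caller never passed. */
static int count_conversions(const char *s)
{
    int n = 0;
    for (; *s; s++)
        if (*s == '%') {
            if (s[1] == '%') s++;   /* "%%" prints a literal '%' */
            else n++;
        }
    return n;
}

/* Constructed sample: the message text from the post. */
static const char SAMPLE[] = "Invalid data: 'g^y#%s'";

/* The fix from the post: "%s" is the format, the message is only data. */
static int log_safely(char *out, size_t len, const char *message)
{
    return log_msg(out, len, "%s", message);
}

int main(void)
{
    char buf[128];
    printf("directives if used as format: %d\n", count_conversions(SAMPLE));
    log_safely(buf, sizeof buf, SAMPLE);
    printf("logged verbatim: %s\n", buf);
    /* log_msg(buf, sizeof buf, SAMPLE); would draw the GCC warning under
     * -Wformat-security and read a missing argument (undefined behaviour). */
    return 0;
}
```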

Wednesday, July 15, 2009

Gran Canaria Desktop Summit 2009

This year I was able to attend the Gran Canaria Desktop Summit which was great as I hadn't been to a GNOME meetup before.

Here are my impressions:

  • The community is very alive and active! There are many companies and individuals working on improving GNOME.
  • The GNOME foundation is well organised and financially sound. Donations are a big part of this success. If you contribute to GNOME in any way then become a member (it's easy to join!).
  • Really impressed with the quality of PiTiVi — it's now a very capable basic video editing program. One thing the PiTiVi developers want though is a media manager...
  • ...which may be getting closer. Banshee is splitting its backend out into Banshee Core which will be a database of music, video and photos on your computer. Hopefully there will be some convergence between this and tracker, zeitgeist and akonadi to provide a seamless user experience to your media.
  • GNOME Shell is still young but is showing some interesting breaks from the traditional desktop.
  • Project Mallard is going to make the GNOME documentation much better.
  • Testing initiatives like Mago and LDTP should see an increase in the quality of software.

The future looks really good!