jeroen clarysse
2016-10-14 09:44:25 UTC
Xcode generates a warning "format string is not a string literal (potentially insecure)” when using the RTF_SEtError() function, which is just a wrapper for SDL_SetError()
I understand the warning and agree that it is not a safe thing to do, but on line 145 in SDL_rtf.c, a call is made like this :
int RTF_Load(RTF_Context *ctx, const char *file)
{
SDL_RWops *rw = SDL_RWFromFile(file, "rb");
if ( rw == NULL )
{
const char * e = SDL_GetError();
RTF_SetError(e);
return -1;
}
return RTF_Load_RW(ctx, rw, 1);
}
first of all, I don’t see the use of the two lines
const char * e = SDL_GetError();
RTF_SetError(e);
this just gets the SDL error, and passes it back since RTF_SetError is just a wrapper, as defined on line 162 in SDL_rtf.h :
#define RTF_SetError SDL_SetError
My guess is that the function RTF_SetError is currently a define, with anticipation that perhaps it will become a true function later on…
for now I solved the warning by replacing the SDL_SetError call with this :
RTF_SetError("%s",e);
I hope this is of some use to someone sometime :-)
I understand the warning and agree that it is not a safe thing to do, but on line 145 in SDL_rtf.c, a call is made like this :
int RTF_Load(RTF_Context *ctx, const char *file)
{
SDL_RWops *rw = SDL_RWFromFile(file, "rb");
if ( rw == NULL )
{
const char * e = SDL_GetError();
RTF_SetError(e);
return -1;
}
return RTF_Load_RW(ctx, rw, 1);
}
first of all, I don’t see the use of the two lines
const char * e = SDL_GetError();
RTF_SetError(e);
this just gets the SDL error, and passes it back since RTF_SetError is just a wrapper, as defined on line 162 in SDL_rtf.h :
#define RTF_SetError SDL_SetError
My guess is that the function RTF_SetError is currently a define, with anticipation that perhaps it will become a true function later on…
for now I solved the warning by replacing the SDL_SetError call with this :
RTF_SetError("%s",e);
I hope this is of some use to someone sometime :-)