I am receiving a "significant warning" from CRAN on the CLANG compile of ANN.cpp, in the yaImpute package, indicating;
format string is not a string literal (potentially insecure) [-Wformat-security]
I have tracked down the warning to this C++ code block, specifically both calls to Rprintf(msg)
. However, in reading posts on this warring, I am unclear on exactly how to address the security issue in the print.
void annError(const char *msg, ANNerr level)
{
if (level == ANNabort) {
//cerr << "ANN: ERROR------->" << msg << "<-------------ERROR\n";
Rprintf("ANN Fatal ERROR:");
Rprintf(msg);
// std::exit(1);
}
else {
//cerr << "ANN: WARNING----->" << msg << "<-------------WARNING\n";
Rprintf("ANN WARNING:");
Rprintf(msg);
}
}
I have seen advice that using __attribute__((__format__ (__printf__, 2, 0)))
is one way to address this issue but am unsure on how to modify the code block. I am admittedly, not a C++ programmer and inherited this code with the yaImpute package. Any advice would be much appreciated.
The format string refers to the first argument of Rprintf
, and that should be a string literal:
Rprintf("ANN WARNING:");
Rprintf("%s", msg);
Or:
Rprintf("ANN WARNING:\n%s", msg);
See also the documentation of the -Wformat-security
compiler flag in the GCC manual. (Yes, your warning was issued by Clang, but the Clang manual is much less helpful here.)