I am trying to use Coccinelle to patch NetHack 3.4.3, so that it compiles with the "-Werror=format-security" flag.
Here is my ".cocci" file to patch nethack.
$ cat fix-pline.cocci
// Rule 1: rewrite every one-argument pline() call so that the argument is
// passed as data to a constant "%s" format instead of being used as the
// format string itself.
// NOTE(review): an expression metavariable also matches string literals, so
// pline("text") would be rewritten to pline("%s", "text") as well; that is
// harmless but adds noise to the resulting patch.
@rule1@
expression argc1;
@@
- pline(argc1)
+ pline("%s", argc1)
// Rule 2: aimed at the guarded call `if (dfeature) pline(fbuf);`.
// NOTE(review): as listed, the added line drops the `if (dfeature)` guard and
// has no trailing semicolon, and the removed statement appears again as an
// unmarked context line, so the body asks for the same statement twice in a
// row. This may be why nothing matches. rule1's pattern already matches the
// inner pline(fbuf) call, so confirm whether rule2 is needed at all.
@rule2@
expression fbuf;
expression dfeature;
@@
- if (dfeature) pline(fbuf);
+ pline("%s", fbuf)
if (dfeature) pline(fbuf);
$ cat desired.patch
diff --git a/src/invent.c b/src/invent.c
index b9a3683..9b43767 100644
--- a/src/invent.c
+++ b/src/invent.c
@@ -2214,7 +2214,7 @@ boolean picked_some;
Sprintf(fbuf, "There is %s here.", an(dfeature));
if (!otmp || is_lava(u.ux,u.uy) || (is_pool(u.ux,u.uy) && !Underwater)) {
- if (dfeature) pline(fbuf);
+ if (dfeature) pline("%s", fbuf);
read_engr_at(u.ux, u.uy); /* Eric Backus */
if (!skip_objects && (Blind || !dfeature))
You("%s no objects here.", verb);
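Review bot: The `Sprintf(fbuf, "There is %s here.", an(dfeature))` on the first context line fills `fbuf` with no length bound visible in this hunk, and `fbuf`'s declaration lies outside it, so its size should be checked against the longest string `an(dfeature)` can return. The `"%s"` on the new `pline` line is the right fix for the non-literal format, and a short comment would keep it from being simplified back later: `/* fbuf is message text, not a format string */`. The enclosing function starts and ends outside the hunk.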
... but no luck so far. I suspect that all those crazy "ifdef" statements are causing problems.