[Rcpp-devel] Rf_error() format string
Serguei Sokol
serguei.sokol at gmail.com
Tue Nov 28 14:48:57 CET 2023
Hi,
I've got a request from CRAN to correct my package rmumps using Rcpp:
https://cran.r-project.org/web/checks/check_results_rmumps.html
The problems come from RcppExports.cpp automatically generated lines like:
Rf_error(CHAR(rcpp_msgSEXP_gen));
With a message saying:
Found the following significant warnings:
RcppExports.cpp:58:18: warning: format string is not a string
literal (potentially insecure) [-Wformat-security]
...
The fix may be as trivial as:
Rf_error("%s", CHAR(rcpp_msgSEXP_gen));
However, if I do it manually, it will be overwritten at the next
RcppExports.cppbuild.
Are there some plans to incorporate this fix in Rcpp?
Am I alone in this case?
Best,
Serguei.
More information about the Rcpp-devel
mailing list