[Rcpp-devel] Rf_error() format string

Iñaki Ucar inaki.ucar at uc3m.es
Tue Nov 28 15:05:25 CET 2023


See https://github.com/RcppCore/Rcpp/pull/1288

Iñaki


On Tue, 28 Nov 2023 at 14:49, Serguei Sokol <serguei.sokol at gmail.com> wrote:
>
> Hi,
>
> I've got a request from CRAN to correct my package rmumps using Rcpp:
> https://cran.r-project.org/web/checks/check_results_rmumps.html
>
> The problems come from RcppExports.cpp automatically generated lines like:
>
>     Rf_error(CHAR(rcpp_msgSEXP_gen));
>
> With a message saying:
>
> Found the following significant warnings:
>     RcppExports.cpp:58:18: warning: format string is not a string
> literal (potentially insecure) [-Wformat-security]
>     ...
>
> The fix may be as trivial as:
>
>    Rf_error("%s", CHAR(rcpp_msgSEXP_gen));
>
> However, if I do it manually, it will be overwritten at the next
> RcppExports.cppbuild.
> Are there some plans to incorporate this fix in Rcpp?
> Am I alone in this case?
>
> Best,
> Serguei.
> _______________________________________________
> Rcpp-devel mailing list
> Rcpp-devel at lists.r-forge.r-project.org
> https://lists.r-forge.r-project.org/cgi-bin/mailman/listinfo/rcpp-devel



-- 
Iñaki Úcar
Assistant Professor of Statistics
Director of the Master in Computational Social Science

Department of Statistics | Big Data Institute
Universidad Carlos III de Madrid
Av. de la Universidad 30, 28911 Leganés, Spain
Office: 7.3.J25, Tel: +34 916248804


More information about the Rcpp-devel mailing list