
Rcpp warning: format string is not a string literal (potentially insecure)


Recently I have received the following error message on CRAN for some of my packages.

warning: format string is not a string literal (potentially insecure)

See for example the following link for the exact error messages (there are many other packages on CRAN which have received this error message recently).

Unfortunately I am not able to reproduce this error and can't find its source. My hypothesis is that this error is somehow related to the stop() function, since I do not use strings in other parts of my Rcpp code. Also, the errors refer to the parts of the RcppExports.cpp files which look like this:

Rboolean rcpp_isError_gen = Rf_inherits(rcpp_result_gen, "try-error");
if (rcpp_isError_gen) {
    SEXP rcpp_msgSEXP_gen = Rf_asChar(rcpp_result_gen);
    UNPROTECT(1);
    Rf_error(CHAR(rcpp_msgSEXP_gen));
}

But it seems that there is nothing special about my strings, so I can't figure out how to fix the issue. My calls to the stop() function look like:

  if (degree <= 0)
  {
    stop("degree should be positive integer");
  }

So I use no special formatting which may cause such issues according to the answers to this question. Please help me figure out this error message.

I will be very grateful for help!


Solution

  • Please see the extended discussion at the repository in issue #1287 and PR #1288, i.e. here, especially the comment, as well as the extended post on the rcpp-devel list I also made today.

    In short, you need an updated Rcpp version installed (instructions given) and then use it to update your RcppExports.cpp. Once that is done you can upload the updated version of your package under an increased version number.
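
Why the compiler flags the generated `Rf_error(CHAR(rcpp_msgSEXP_gen))` line even though the `stop()` strings are plain: a runtime string is being used as the format string, so any `%` in it would be interpreted. The C sketch below is an added example, not code from the question, the answer or Rcpp; `error_fmt` is a hypothetical stand-in for a printf-style error function, and both sample messages are constructed. It shows the flagged pattern beside the general remedy for this class of warning, a literal `"%s"` format with the message passed as data.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for a printf-style error function such as
   Rf_error(): it formats into a buffer instead of raising an R error,
   so the resulting message can be inspected. */
static char last_error[256];

static const char *error_fmt(const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    vsnprintf(last_error, sizeof last_error, fmt, ap);
    va_end(ap);
    return last_error;
}

/* Flagged pattern: the message itself is the format string, so every
   '%' in it is treated as the start of a conversion specification. */
static const char *report_as_format(const char *msg)
{
    return error_fmt(msg);
}

/* Remedy: the format is a string literal, the message is only data. */
static const char *report_as_data(const char *msg)
{
    return error_fmt("%s", msg);
}

int main(void)
{
    /* Constructed messages. "%%" is used so that the flagged call stays
       well defined; other conversions with no arguments would not be. */
    const char *plain   = "degree should be positive integer";
    const char *percent = "tolerance must be below 5%% of range";

    printf("plain,   as format: %s\n", report_as_format(plain));
    printf("plain,   as data:   %s\n", report_as_data(plain));
    printf("percent, as format: %s\n", report_as_format(percent));
    printf("percent, as data:   %s\n", report_as_data(percent));
    return 0;
}
```

A message without `%` comes out identical either way, which is why the warning cannot be traced to any particular `stop()` call: it is about the calling pattern, not the string contents.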