tech-pkg archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

pkg/43904: pbulk's read_child.c compilation fails with GCC 4.4.3 under Ubuntu GNU/Linux

Hi all!

I just opened PR 43904, which I transcribe pieces below:

On Fri, Sep 24, 2010 at 02:30:00PM +0000, wrote:
> >Number:         43904
> >Category:       pkg
> >Synopsis:       pbulk's read_child.c compilation fails with GCC 4.4.3 under 
> >Ubuntu GNU/Linux
> When compiling bulk build environment under Ubuntu 10.04 GNU/Linux (cd 
> pkgtools/pbulk; bmake install), I get this error:
> gcc -Wno-error -Wno-error  -Wall -Wstrict-prototypes -Wmissing-prototypes 
> -Wpointer-arith -Wno-uninitialized -Wreturn-type -Wcast-qual -Wpointer-arith 
> -Wwrite-strings -Wswitch -Wshadow -Werror  -D_GNU_SOURCE -DHAVE_NBCOMPAT_H=1 
> -I/usr/pkgsrc/pkgtools/pbulk-base/work/libnbcompat -c read_child.c
> cc1: warnings being treated as errors
> read_child.c: In function 'read_from_child':
> read_child.c:73: error: format not a string literal and no format arguments
> *** Error code 1
> >Fix:
> Apply this patch against pkgtools/pbulk/files/pbulk/lib/read_child.c
> --- read_child.c.orig   2010-09-22 18:30:18.000000000 -0300
> +++ read_child.c        2010-09-22 18:30:47.000000000 -0300
> @@ -70,7 +70,7 @@
>                 (void)close(fd);
>                 (void)kill(child, SIGTERM);
>                 (void)waitpid(child, &status, 0);
> -               err(1, error);
> +               err(1, "%s", error);
>         }
>         (void)close(fd);

According to Joerg Sonnenberger (Cc'ed), it would be better to open a PR
for GCC first, since this feature is not necessary.

GCC documentation
( says:

        If -Wformat is specified, also warn about uses of format
        functions that represent possible security problems. At present,
        this warns about calls to printf and scanf functions where the
        format string is not a string literal and there are no format
        arguments, as in printf (foo);. This may be a security hole if
        the format string came from untrusted input and contains `%n'.
        (This is currently a subset of what -Wformat-nonliteral warns
        about, but in future warnings may be added to -Wformat-security
        that are not included in -Wformat-nonliteral.)

I suppose it had been discussed in GCC community before have been
included in GCC and I even agree with them.  That is because I'm
discouraged of opening a PR for GCC.

What some projects have done, is to disable -Wformat-security.

Anybody interested in opening a PR to GCC or want to discuss that?

Thank you very much.

Silas Silva

Home | Main Index | Thread Index | Old Index