pkg/43904: pbulk's read_child.c compilation fails with GCC 4.4.3 under Ubuntu GNU/Linux

To: tech-pkg%netbsd.org@localhost
Subject: pkg/43904: pbulk's read_child.c compilation fails with GCC 4.4.3 under Ubuntu GNU/Linux
From: Silas Silva <silasdb%gmail.com@localhost>
Date: Sat, 25 Sep 2010 00:20:43 -0300

Hi all!

I just opened PR 43904, which I transcribe pieces below:

On Fri, Sep 24, 2010 at 02:30:00PM +0000, silasdb%gmail.com@localhost wrote:
> >Number:         43904
> >Category:       pkg
> >Synopsis:       pbulk's read_child.c compilation fails with GCC 4.4.3 under 
> >Ubuntu GNU/Linux
> When compiling bulk build environment under Ubuntu 10.04 GNU/Linux (cd 
> pkgtools/pbulk; bmake install), I get this error:
> 
> gcc -Wno-error -Wno-error  -Wall -Wstrict-prototypes -Wmissing-prototypes 
> -Wpointer-arith -Wno-uninitialized -Wreturn-type -Wcast-qual -Wpointer-arith 
> -Wwrite-strings -Wswitch -Wshadow -Werror  -D_GNU_SOURCE -DHAVE_NBCOMPAT_H=1 
> -I/usr/pkgsrc/pkgtools/pbulk-base/work/libnbcompat -c read_child.c
> cc1: warnings being treated as errors
> read_child.c: In function 'read_from_child':
> read_child.c:73: error: format not a string literal and no format arguments
> *** Error code 1
(...)
> >Fix:
> Apply this patch against pkgtools/pbulk/files/pbulk/lib/read_child.c
> 
> --- read_child.c.orig   2010-09-22 18:30:18.000000000 -0300
> +++ read_child.c        2010-09-22 18:30:47.000000000 -0300
> @@ -70,7 +70,7 @@
>                 (void)close(fd);
>                 (void)kill(child, SIGTERM);
>                 (void)waitpid(child, &status, 0);
> -               err(1, error);
> +               err(1, "%s", error);
>         }
>  
>         (void)close(fd);
> 

According to Joerg Sonnenberger (Cc'ed), it would be better to open a PR
for GCC first, since this feature is not necessary.

GCC documentation
(http://gcc.gnu.org/onlinedocs/gcc/Warning-Options.html) says:

    -Wformat-security
        If -Wformat is specified, also warn about uses of format
        functions that represent possible security problems. At present,
        this warns about calls to printf and scanf functions where the
        format string is not a string literal and there are no format
        arguments, as in printf (foo);. This may be a security hole if
        the format string came from untrusted input and contains `%n'.
        (This is currently a subset of what -Wformat-nonliteral warns
        about, but in future warnings may be added to -Wformat-security
        that are not included in -Wformat-nonliteral.)

I suppose it had been discussed in GCC community before have been
included in GCC and I even agree with them.  That is because I'm
discouraged of opening a PR for GCC.

What some projects have done, is to disable -Wformat-security.

Anybody interested in opening a PR to GCC or want to discuss that?

Thank you very much.

-- 
Silas Silva

Follow-Ups:
- Re: pkg/43904: pbulk's read_child.c compilation fails with GCC 4.4.3 under Ubuntu GNU/Linux
  - From: Joerg Sonnenberger

Prev by Date: daily pkgsrc CVS update output
Next by Date: Re: travails of the pixman upgrade [Was: Is pango still broken? (vim-gtk2 won't build)]
Previous by Thread: daily pkgsrc CVS update output
Next by Thread: Re: pkg/43904: pbulk's read_child.c compilation fails with GCC 4.4.3 under Ubuntu GNU/Linux
Indexes:

Home | Main Index | Thread Index | Old Index