You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@qpid.apache.org by "Jiri Daněk (JIRA)" <ji...@apache.org> on 2019/07/25 12:08:00 UTC
[jira] [Created] (PROTON-2080) cc1plus: warning: -Wformat-security
ignored without -Wformat [-Wformat-security]
Jiri Daněk created PROTON-2080:
----------------------------------
Summary: cc1plus: warning: -Wformat-security ignored without -Wformat [-Wformat-security]
Key: PROTON-2080
URL: https://issues.apache.org/jira/browse/PROTON-2080
Project: Qpid Proton
Issue Type: Bug
Components: proton-c
Affects Versions: proton-c-0.28.0
Reporter: Jiri Daněk
I am getting the {{-Wformat-security ignored}} warning when I (accidentally) used a GCC with hardening flags set to build qpid proton. This can happen in RPM spec file, and also due to bug https://github.com/NixOS/nixpkgs/issues/60919.
{noformat}
[ 37%] Building CXX object c/tests/CMakeFiles/c-extra-test.dir/url_test.cpp.o
cd /root/rpmbuild/BUILD/qpid-proton-0.28.0/c/tests && /usr/bin/c++ -I/root/rpmbuild/BUILD/qpid-proton-0.28.0/c/include -I/root/rpmbuild/BUILD/qpid-proton-0.28.0/c/src -I/root/rpmbuild/BUILD/qpid-proton-0.28.0/c/tests -I/root/rpmbuild/BUILD/qpid-proton-0.28.0/tests/include -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -fexceptions -fstack-protector-strong -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -Wno-error=format-security -fvisibility=hidden -O2 -g -DNDEBUG -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -fexceptions -fstack-protector-strong -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -Wno-error=format-security -fvisibility=hidden -Werror -Wall -pedantic-errors -Wno-format -Wno-variadic-macros -o CMakeFiles/c-extra-test.dir/url_test.cpp.o -c /root/rpmbuild/BUILD/qpid-proton-0.28.0/c/tests/url_test.cpp
cc1plus: warning: -Wformat-security ignored without -Wformat [-Wformat-security]
[ 37%] Linking CXX executable c-extra-test
{noformat}
-I am honestly not sure what to think of this. At first sight, it seems to me the hardening options in RHEL and NixOS are incomplete (lacking the {{-Wformat}}), but then it seems strange that two distributions would make the same mistake.-
Proton intentionally sets {{-Wno-format}}. I think this is only necessary to do when BUILD_WITH_CXX is set, at least it works on RHEL 6 this way. See attached patch below.
I did not understand the if in c/tools/CMakeLists.txt. It sets {{-Wno-format}} when {{inttypes.h}} is not available. Yet
# platform_fmt.c includes inttypes.h irrespective of the result of the check
# judging by the comment in cmakelist.txt i'd expect I'd need -Wno-format if the inttypes.h is included, not without it
{code}
From 22b8401099580352f615ae24122f20650eabb263 Mon Sep 17 00:00:00 2001
From: Jiri Danek <jd...@redhat.com>
Date: Thu, 25 Jul 2019 13:57:57 +0200
Subject: [PATCH] =?UTF-8?q?PROTON-2079:=20-Wno-format=20only=20when=20BUIL?=
=?UTF-8?q?D=5FWITH=5FCXX=20AND=C2=A0CMAKE=5FCOMPILER=5FIS=5FGNUCC?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
It would be more appropriate to also limit -Wno-format to C++ < c++11 cases, but that I don't know how to do.
---
CMakeLists.txt | 7 ++++---
c/tools/CMakeLists.txt | 4 ++--
2 files changed, 6 insertions(+), 5 deletions(-)
diff --git a/CMakeLists.txt b/CMakeLists.txt
index f1091bab..b7974cdc 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -138,14 +138,15 @@ if (CMAKE_COMPILER_IS_GNUCC)
set (WERROR "-Werror")
endif (ENABLE_WARNING_ERROR)
set (COMPILE_WARNING_FLAGS "${WERROR} -Wall -pedantic-errors")
- # C++ allow "%z" format specifier and variadic macros
- set (CXX_WARNING_FLAGS "${COMPILE_WARNING_FLAGS} -Wno-format -Wno-variadic-macros")
+ # C++ allow variadic macros
+ set (CXX_WARNING_FLAGS "${COMPILE_WARNING_FLAGS} -Wno-variadic-macros")
if (NOT BUILD_WITH_CXX)
set (COMPILE_WARNING_FLAGS "${COMPILE_WARNING_FLAGS} -Wstrict-prototypes -Wc++-compat -Wvla -Wsign-compare -Wwrite-strings")
set (COMPILE_LANGUAGE_FLAGS "-std=c99")
set (COMPILE_PLATFORM_FLAGS "-std=gnu99")
else (NOT BUILD_WITH_CXX)
- set (COMPILE_WARNING_FLAGS "${CXX_WARNING_FLAGS}")
+ # C++ allow "%z" format specifier
+ set (COMPILE_WARNING_FLAGS "${COMPILE_WARNING_FLAGS} -Wno-format")
endif (NOT BUILD_WITH_CXX)
if (ENABLE_UNDEFINED_ERROR)
diff --git a/c/tools/CMakeLists.txt b/c/tools/CMakeLists.txt
index 7a577cb1..f23c39e5 100644
--- a/c/tools/CMakeLists.txt
+++ b/c/tools/CMakeLists.txt
@@ -25,10 +25,10 @@ CHECK_INCLUDE_FILES("inttypes.h" INTTYPES_AVAILABLE)
if (INTTYPES_AVAILABLE)
list(APPEND PLATFORM_DEFINITIONS "USE_INTTYPES")
else (INTTYPES_AVAILABLE)
- if (CMAKE_COMPILER_IS_GNUCC)
+ if (BUILD_WITH_CXX AND CMAKE_COMPILER_IS_GNUCC)
# since inttypes.h provides portable printf format macros
set (COMPILE_WARNING_FLAGS "${COMPILE_WARNING_FLAGS} -Wno-format")
- endif (CMAKE_COMPILER_IS_GNUCC)
+ endif (BUILD_WITH_CXX AND CMAKE_COMPILER_IS_GNUCC)
endif (INTTYPES_AVAILABLE)
add_executable(msgr-recv msgr-recv.c msgr-common.c)
--
2.22.0
{code}
--
This message was sent by Atlassian JIRA
(v7.6.14#76016)
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@qpid.apache.org
For additional commands, e-mail: dev-help@qpid.apache.org