Qpid Proton / PROTON-2080

cc1plus: warning: -Wformat-security ignored without -Wformat [-Wformat-security]


    Details

    • Type: Bug
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: proton-c-0.28.0
    • Fix Version/s: None
    • Component/s: proton-c
    • Labels:
      None
    • Flags:
      Patch

      Description

      I am getting the -Wformat-security ignored warning when I (accidentally) used a GCC with hardening flags set to build qpid proton. This can happen in an RPM spec file, and also due to bug https://github.com/NixOS/nixpkgs/issues/60919.

      [ 37%] Building CXX object c/tests/CMakeFiles/c-extra-test.dir/url_test.cpp.o
      cd /root/rpmbuild/BUILD/qpid-proton-0.28.0/c/tests && /usr/bin/c++   -I/root/rpmbuild/BUILD/qpid-proton-0.28.0/c/include -I/root/rpmbuild/BUILD/qpid-proton-0.28.0/c/src -I/root/rpmbuild/BUILD/qpid-proton-0.28.0/c/tests -I/root/rpmbuild/BUILD/qpid-proton-0.28.0/tests/include  -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -fexceptions -fstack-protector-strong -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -Wno-error=format-security -fvisibility=hidden -O2 -g -DNDEBUG    -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -fexceptions -fstack-protector-strong -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -Wno-error=format-security -fvisibility=hidden -Werror -Wall -pedantic-errors -Wno-format -Wno-variadic-macros -o CMakeFiles/c-extra-test.dir/url_test.cpp.o -c /root/rpmbuild/BUILD/qpid-proton-0.28.0/c/tests/url_test.cpp
      cc1plus: warning: -Wformat-security ignored without -Wformat [-Wformat-security]
      [ 37%] Linking CXX executable c-extra-test
      

      I am honestly not sure what to think of this. At first sight, it seems to me the hardening options in RHEL and NixOS are incomplete (lacking the -Wformat), but then it seems strange that two distributions would make the same mistake.

      Proton intentionally sets -Wno-format. I think this is only necessary to do when BUILD_WITH_CXX is set, at least it works on RHEL 6 this way. See attached patch below.

      I did not understand the if in c/tools/CMakeLists.txt. It sets -Wno-format when inttypes.h is not available. Yet

      1. platform_fmt.c includes inttypes.h irrespective of the result of the check
      2. judging by the comment in CMakeLists.txt, I'd expect I'd need -Wno-format if the inttypes.h is included, not without it
      From 22b8401099580352f615ae24122f20650eabb263 Mon Sep 17 00:00:00 2001
      From: Jiri Danek <jdanek@redhat.com>
      Date: Thu, 25 Jul 2019 13:57:57 +0200
      Subject: [PATCH] =?UTF-8?q?PROTON-2079:=20-Wno-format=20only=20when=20BUIL?=
       =?UTF-8?q?D=5FWITH=5FCXX=20AND=C2=A0CMAKE=5FCOMPILER=5FIS=5FGNUCC?=
      MIME-Version: 1.0
      Content-Type: text/plain; charset=UTF-8
      Content-Transfer-Encoding: 8bit
      
      It would be more appropriate to also limit -Wno-format to C++ < c++11 cases, but that I don't know how to do.
      ---
       CMakeLists.txt         | 7 ++++---
       c/tools/CMakeLists.txt | 4 ++--
       2 files changed, 6 insertions(+), 5 deletions(-)
      
      diff --git a/CMakeLists.txt b/CMakeLists.txt
      index f1091bab..b7974cdc 100644
      --- a/CMakeLists.txt
      +++ b/CMakeLists.txt
      @@ -138,14 +138,15 @@ if (CMAKE_COMPILER_IS_GNUCC)
           set (WERROR "-Werror")
         endif (ENABLE_WARNING_ERROR)
         set (COMPILE_WARNING_FLAGS "${WERROR} -Wall -pedantic-errors")
      -  # C++ allow "%z" format specifier and variadic macros
      -  set (CXX_WARNING_FLAGS "${COMPILE_WARNING_FLAGS} -Wno-format -Wno-variadic-macros")
      +  # C++ allow variadic macros
      +  set (CXX_WARNING_FLAGS "${COMPILE_WARNING_FLAGS} -Wno-variadic-macros")
         if (NOT BUILD_WITH_CXX)
           set (COMPILE_WARNING_FLAGS "${COMPILE_WARNING_FLAGS} -Wstrict-prototypes -Wc++-compat -Wvla -Wsign-compare -Wwrite-strings")
           set (COMPILE_LANGUAGE_FLAGS "-std=c99")
           set (COMPILE_PLATFORM_FLAGS "-std=gnu99")
         else (NOT BUILD_WITH_CXX)
      -    set (COMPILE_WARNING_FLAGS "${CXX_WARNING_FLAGS}")
      +    # C++ allow "%z" format specifier
      +    set (COMPILE_WARNING_FLAGS "${COMPILE_WARNING_FLAGS} -Wno-format")
         endif (NOT BUILD_WITH_CXX)
       
         if (ENABLE_UNDEFINED_ERROR)
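
Review bot: In the else (NOT BUILD_WITH_CXX) branch, COMPILE_WARNING_FLAGS used to be taken from CXX_WARNING_FLAGS and so carried -Wno-variadic-macros; the new line appends only -Wno-format, so a BUILD_WITH_CXX build now runs under -pedantic-errors without -Wno-variadic-macros. If that is not intended, set it from "${CXX_WARNING_FLAGS} -Wno-format" instead. Two further points: CXX_WARNING_FLAGS itself no longer carries -Wno-format although the removed comment said C++ needs it for "%z", so C++ sources outside BUILD_WITH_CXX lose the suppression (the commit message notes the pre-C++11 case is not handled); and a BUILD_WITH_CXX build still passes -Wno-format, so it will still print "-Wformat-security ignored without -Wformat" when the distribution flags request format-security.
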
      diff --git a/c/tools/CMakeLists.txt b/c/tools/CMakeLists.txt
      index 7a577cb1..f23c39e5 100644
      --- a/c/tools/CMakeLists.txt
      +++ b/c/tools/CMakeLists.txt
      @@ -25,10 +25,10 @@ CHECK_INCLUDE_FILES("inttypes.h" INTTYPES_AVAILABLE)
       if (INTTYPES_AVAILABLE)
         list(APPEND PLATFORM_DEFINITIONS "USE_INTTYPES")
       else (INTTYPES_AVAILABLE)
      -  if (CMAKE_COMPILER_IS_GNUCC)
      +  if (BUILD_WITH_CXX AND CMAKE_COMPILER_IS_GNUCC)
           # since inttypes.h provides portable printf format macros
           set (COMPILE_WARNING_FLAGS "${COMPILE_WARNING_FLAGS} -Wno-format")
      -  endif (CMAKE_COMPILER_IS_GNUCC)
      +  endif (BUILD_WITH_CXX AND CMAKE_COMPILER_IS_GNUCC)
       endif (INTTYPES_AVAILABLE)
       
       add_executable(msgr-recv msgr-recv.c msgr-common.c)
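
Review bot: The comment kept inside the new condition, "since inttypes.h provides portable printf format macros", still sits in the branch taken when inttypes.h is not available, so it does not say why -Wno-format is needed here; reword it to state the reason the flag is required when the header is missing. Also, with the first hunk applied, the top-level CMakeLists.txt already appends -Wno-format to COMPILE_WARNING_FLAGS whenever BUILD_WITH_CXX and CMAKE_COMPILER_IS_GNUCC are both set, so if this directory inherits that variable the block only adds the flag a second time and could be dropped.
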
      -- 
      2.22.0
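
The flag interaction reported above can be checked mechanically in build logs. The following is an added example, not part of the issue or of the Proton code base: it classifies -Wformat-security on one compiler command line, following GCC's documented rules that an explicit option overrides one implied by -Wall or -Wformat=2 regardless of position and that the last of two equally specific options wins. The function name and the sample command line are assumptions constructed for illustration, and only the flags listed in the code are modelled.

```python
import shlex

def format_security_state(cmdline):
    """Classify -Wformat-security on one GCC/G++ command line.

    Returns (state, as_error); state is 'effective', 'ignored'
    (requested, but -Wformat is off) or 'not-requested'.
    """
    wall = werror = False
    fmt_level = None   # last explicit -Wformat[=n] / -Wno-format
    sec = None         # last explicit request for or against format-security
    sec_error = None   # last explicit -W[no-]error=format-security
    for tok in shlex.split(cmdline):
        if tok == "-Wall":
            wall = True
        elif tok == "-Werror":
            werror = True
        elif tok == "-Wno-error":
            werror = False
        elif tok in ("-Wformat", "-Wformat=1"):
            fmt_level = 1
        elif tok == "-Wformat=2":
            fmt_level = 2
        elif tok in ("-Wno-format", "-Wformat=0"):
            fmt_level = 0
        elif tok == "-Wformat-security":
            sec = True
        elif tok == "-Wno-format-security":
            sec = False
        elif tok == "-Werror=format-security":
            sec, sec_error = True, True   # -Werror=X implies -WX
        elif tok == "-Wno-error=format-security":
            sec_error = False             # demotes only, implies nothing
    # Explicit options beat those implied by -Wall / -Wformat=2.
    fmt_on = wall if fmt_level is None else fmt_level > 0
    requested = (fmt_level == 2) if sec is None else sec
    if not requested:
        return ("not-requested", False)
    if not fmt_on:
        return ("ignored", False)
    return ("effective", werror if sec_error is None else sec_error)

# Constructed sample: flag order abbreviated from the url_test.cpp line above.
HARDENED_PLUS_PROJECT = (
    "c++ -O2 -Wall -Werror=format-security "
    "-Wp,-D_FORTIFY_SOURCE=2 -Wno-error=format-security "
    "-Werror -Wall -pedantic-errors -Wno-format -Wno-variadic-macros -c url_test.cpp")

if __name__ == "__main__":
    print(format_security_state(HARDENED_PLUS_PROJECT))
```
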
      

            People

            • Assignee:
              Unassigned
              Reporter:
              jdanek Jiri Daněk