[Gluster-devel] glusterfs-3.3.0qa34 released
Patrick Matthäi
pmatthaei at debian.org
Tue Apr 10 19:59:27 UTC 2012
On 10.04.2012 21:50, Jeff Darcy wrote:
> On 04/10/2012 03:29 PM, Patrick Matthäi wrote:
>> it fails to build from source with hardening build flags enabled:
>>
>> gcc -DHAVE_CONFIG_H -I. -I. -I../../../..
>> -I../../../../libglusterfs/src -I../../../../contrib/uuid
>> -D_FORTIFY_SOURCE=2 -fPIC -D_FILE_OFFSET_BITS=64 -D_GNU_SOURCE -Wall
>> -DGF_LINUX_HOST_OS -I../../../../libglusterfs/src
>> -I../../../../xlators/lib/src -I../../../../rpc/rpc-lib/src -shared
>> -nostartfiles -O0 -g -O2 -fstack-protector --param=ssp-buffer-size=4
>> -Wformat -Wformat-security -Werror=format-security -Wall -c
>> afr-lk-common.c -o afr-lk-common.o >/dev/null 2>&1
>> gcc -DHAVE_CONFIG_H -I. -I. -I../../../..
>> -I../../../../libglusterfs/src -I../../../../contrib/uuid
>> -D_FORTIFY_SOURCE=2 -fPIC -D_FILE_OFFSET_BITS=64 -D_GNU_SOURCE -Wall
>> -DGF_LINUX_HOST_OS -I../../../../libglusterfs/src
>> -I../../../../xlators/lib/src -I../../../../rpc/rpc-lib/src -shared
>> -nostartfiles -O0 -g -O2 -fstack-protector --param=ssp-buffer-size=4
>> -Wformat -Wformat-security -Werror=format-security -Wall -c
>> afr-self-heald.c -fPIC -DPIC -o .libs/afr-self-heald.o
>> afr-self-heald.c: In function '_crawl_proceed':
>> afr-self-heald.c:398:17: error: format not a string literal and no
>> format arguments [-Werror=format-security]
>> afr-self-heald.c:398:17: error: format not a string literal and no
>> format arguments [-Werror=format-security]
>> cc1: some warnings being treated as errors
>> make[6]: *** [afr-self-heald.lo] Error 1
>
> Today I learned that -Werror=format-security generates totally bogus errors.
> If you look at the code you'd see it's *no different* security-wise than if it
> had been a string literal (which it was one line earlier) and it doesn't
> contain any % substitutions anyway. There are many tools to do this sort of
> checking correctly, and I'd be totally in favor of fixing defects that they
> report, but working around gcc bugs is pretty irksome.
The "problem" is that the % substitution is missing, so:

    gf_log (this->name, GF_LOG_ERROR, msg);

should become:

    gf_log (this->name, GF_LOG_ERROR, "%s", msg);

I didn't check if this was introduced in other places, too.
In 3.2.5 there was a similar fault, which my co-maintainer of the
glusterfs packaging has fixed:
http://review.gluster.com/#change,2598
--
/*
Mit freundlichem Gruß / With kind regards,
Patrick Matthäi
GNU/Linux Debian Developer
E-Mail: pmatthaei at debian.org
patrick at linux-dev.org
*/
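
An added example (not part of the original message and not GlusterFS code) of the two call shapes discussed above: with a literal "%s" the message is only ever treated as data, so it is logged verbatim even if it later carries a % character. The names log_to_buf, format_directives and log_message are hypothetical, and the sample messages are constructed.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for a gf_log-style variadic logger; writes into out.
 * The format attribute makes gcc check callers the way it checks printf. */
__attribute__((format(printf, 3, 4)))
static int log_to_buf(char *out, size_t outlen, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(out, outlen, fmt, ap);
    va_end(ap);
    return n;
}

/* Number of directives in s that would consume an argument if s were passed
 * as the format itself. "%%" is a literal percent sign and consumes none. */
static int format_directives(const char *s)
{
    int count = 0;
    for (; *s != '\0'; s++) {
        if (*s != '%')
            continue;
        if (s[1] == '%')
            s++;            /* "%%": skip the escaped percent */
        else
            count++;
    }
    return count;
}

/* Corrected call shape: msg is data behind a literal "%s". */
static int log_message(char *out, size_t outlen, const char *msg)
{
    return log_to_buf(out, outlen, "%s", msg);
}

int main(void)
{
    /* Constructed sample messages, not taken from GlusterFS. */
    const char *samples[] = { "Crawl is in progress", "disk 95% full: %s" };
    char buf[64];
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        log_message(buf, sizeof buf, samples[i]);
        printf("%d directive(s): %s\n", format_directives(samples[i]), buf);
    }
    return 0;
}
```

The call shape that -Werror=format-security rejects would be log_to_buf(out, outlen, msg), which is left out of the code so the block builds with the hardening flags from the build log.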