* call to ‘fprintf’ from within signal handler [CWE-479]
From: Jeffrey Walton @ 2020-07-16 8:49 UTC
To: bzip2-devel
Hi Everyone,

I'm testing a build with the GCC 10 analyzer. Add -fanalyzer to
CFLAGS. If you need GCC 10, then you can find it on Fedora 32.

The Analyzer is producing a finding:

bzip2.c:677:4: warning: call to ‘fprintf’ from within signal handler
[CWE-479] [-Wanalyzer-unsafe-call-within-signal-handler]
677 | fprintf (
| ^~~~~~~~~
678 | stderr,
| ~~~~~~~
679 | "\tInput file = %s, output file = %s\n",
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
680 | inName, outName
| ~~~~~~~~~~~~~~~
681 | );

There are two additional findings that are similar.
* Re: call to ‘fprintf’ from within signal handler [CWE-479]
From: Mark Wielaard @ 2020-07-16 13:55 UTC
To: noloader, bzip2-devel
Hi Jeffrey,

On Thu, 2020-07-16 at 04:49 -0400, Jeffrey Walton via Bzip2-devel
wrote:
> I'm testing a build with the GCC 10 analyzer. Add -fanalyzer to
> CFLAGS. If you need GCC 10, then you can find it on Fedora 32.

The GCC -fanalyzer is indeed awesome!
> The Analyzer is producing a finding:
>
> bzip2.c:677:4: warning: call to ‘fprintf’ from within signal handler
> [CWE-479] [-Wanalyzer-unsafe-call-within-signal-handler]
> 677 | fprintf (
> | ^~~~~~~~~
> 678 | stderr,
> | ~~~~~~~
> 679 | "\tInput file = %s, output file = %s\n",
> | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> 680 | inName, outName
> | ~~~~~~~~~~~~~~~
> 681 | );
>
> There are two additional findings that are similar.
That should already have been fixed in git:

commit 8ca1faa31f396d94ab927b257f3a05236c84e330
Author: Mark Wielaard <mark@klomp.org>
Date: Sun May 17 20:02:31 2020 +0200

    Don't call unsafe functions from SIGSEGV/SIGBUS signal handler.

    GCC10 -fanalyzer notices that we try to call functions that are not
    signal safe from our fatal signal handler:

    bzip2.c: In function ‘mySIGSEGVorSIGBUScatcher’:
    bzip2.c:819:7: warning: call to ‘fprintf’ from within signal handler
    [CWE-479] [-Wanalyzer-unsafe-call-within-signal-handler]

    It also notices we then call showFileNames and cleanupAndFail which
    also call possibly not signal safe functions.

    Just write out the error message directly to STDERR and exit without
    trying to clean up any files.
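The approach the commit message above describes, as an added illustration that is not bzip2's code and not the contents of that commit: a fatal-signal handler that calls only write(2) and _exit(2). The names safe_write, fatal_handler and run_in_child, the message text and the exit status 3 are assumptions made for this example.

```c
#define _POSIX_C_SOURCE 200809L
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

/* write(2) is on POSIX's async-signal-safe list; fprintf and exit are not. */
static void safe_write(const char *s, size_t n) {
    ssize_t w;
    while (n > 0 && (w = write(STDERR_FILENO, s, n)) > 0) { s += w; n -= (size_t)w; }
}
#define SAFE_LIT(s) safe_write(s, sizeof(s) - 1)

static void fatal_handler(int sig) {
    char num[12], *p = num + sizeof num;  /* stack only: no heap, no stdio */
    unsigned v = (unsigned)sig;
    do { *--p = (char)('0' + v % 10); } while ((v /= 10) != 0);  /* "%d" by hand */
    SAFE_LIT("fatal signal ");
    safe_write(p, (size_t)(num + sizeof num - p));
    SAFE_LIT(", exiting without cleanup\n");
    _exit(3);                             /* skips atexit handlers and stdio flush */
}

/* Run the handler in a forked child; return its exit status, capture its stderr in out. */
int run_in_child(int sig, char *out, size_t cap) {
    int fds[2], st = 0;
    pid_t pid;
    if (pipe(fds) != 0 || (pid = fork()) < 0) return -1;
    if (pid == 0) {
        struct sigaction sa = { .sa_handler = fatal_handler };
        sigaction(sig, &sa, NULL);
        dup2(fds[1], STDERR_FILENO);
        raise(sig);
        _exit(0);                         /* not reached when the handler runs */
    }
    close(fds[1]);
    waitpid(pid, &st, 0);                 /* child done: its output is in the pipe */
    ssize_t r = read(fds[0], out, cap - 1);
    out[r > 0 ? r : 0] = '\0';
    close(fds[0]);
    return WIFEXITED(st) ? WEXITSTATUS(st) : -1;
}

int main(void) {
    char buf[64];
    int status = run_in_child(SIGSEGV, buf, sizeof buf);
    printf("child exit status %d, %zu bytes: %s", status, strlen(buf), buf);
    return 0;
}
```

Building this with GCC 10 or later and -fanalyzer, the option used in this thread, is the way to check that the handler no longer triggers -Wanalyzer-unsafe-call-within-signal-handler.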
* Re: call to ‘fprintf’ from within signal handler [CWE-479]
From: Jeffrey Walton @ 2020-07-16 15:03 UTC
To: Mark Wielaard; +Cc: bzip2-devel
On Thu, Jul 16, 2020 at 9:55 AM Mark Wielaard <mark@klomp.org> wrote:
>
> That should already have been fixed in git:
>
> commit 8ca1faa31f396d94ab927b257f3a05236c84e330
> Author: Mark Wielaard <mark@klomp.org>
> Date: Sun May 17 20:02:31 2020 +0200
Oh, sorry about that. I did not think to check master.
Jeff