* Werror=format-security issue from gprofng/src/Print.cc
@ 2022-06-07 14:49 Yichao Yu
[not found] ` <fdb91dc6-2e5d-fd95-1cf6-56a1839ff231@oracle.com>
0 siblings, 1 reply; 3+ messages in thread
From: Yichao Yu @ 2022-06-07 14:49 UTC (permalink / raw)
To: gdb
I got a format-security werror on gprofng/src/Print.cc when trying to
build the master version of gdb (the compiler flag is added by the
archlinuxcn build machine).
While I could disable the flag, I think there might be a real issue
looking at the code.
The line that causes the issue is
https://github.com/bminor/binutils-gdb/blob/master/gprofng/src/Print.cc#L2616,
which uses a "dynamic" format string without any argument. AFAICT, the
fmt3 is only ever initialized in
`er_print_experiment::overview_summary` and if I read it correctly,
it's initialized to a string with no actual formatting inputs other
than a `%%`. It is used, however, twice in
`er_print_experiment::overview_value`, one given two zeros as the
arguments and one given no arguments so it looks a bit suspicious.
The git log shows now history of this file so I'm not sure what's the
intention but my best guess is
1. the `fprintf (out_file, fmt3, 0., 0.);` was meant to be using
`fmt4`. (I assume this is to avoid nan from total_value = 0), or
2. since fmt3 is actually a string that's more or less "0.0 (0.0)"
with padding, the two `0.`s passed to fmt3 are probably bogus and it
should be the same as the `fprintf (out_file, fmt3);` below
if my understanding is correct, I think in either case one can simply
avoid using fmt3 with fprintf by just removing the extra % from it and
directly write it to the output instead. (i.e.
https://gist.github.com/yuyichao/7e7cc2f240a1a6e92a1b2a9da8eb3905)
Did I miss anything?
Yichao
^ permalink raw reply [flat|nested] 3+ messages in thread
* Fwd: Werror=format-security issue from gprofng/src/Print.cc
[not found] ` <fdb91dc6-2e5d-fd95-1cf6-56a1839ff231@oracle.com>
@ 2022-06-10 17:20 ` Vladimir Mezentsev
2022-06-12 22:29 ` Yichao Yu
0 siblings, 1 reply; 3+ messages in thread
From: Vladimir Mezentsev @ 2022-06-10 17:20 UTC (permalink / raw)
To: gdb, yyc1992
This is 28968 <https://sourceware.org/bugzilla/show_bug.cgi?id=28968>
- gprofng doesn't build with -Werror=format-security
I'm working on it. I'll fix it by Monday/Tuesday.
-Vladimir
> Vladimir, can you look at this?
>
>
>
> -------- Forwarded Message --------
> Subject: Werror=format-security issue from gprofng/src/Print.cc
> Date: Tue, 7 Jun 2022 10:49:50 -0400
> From: Yichao Yu via Gdb<gdb@sourceware.org>
> Reply-To: Yichao Yu<yyc1992@gmail.com>
> To: gdb@sourceware.org
>
>
>
> I got a format-security werror on gprofng/src/Print.cc when trying to
> build the master version of gdb (the compiler flag is added by the
> archlinuxcn build machine).
>
> While I could disable the flag, I think there might be a real issue
> looking at the code.
>
> The line that causes the issue is
> https://github.com/bminor/binutils-gdb/blob/master/gprofng/src/Print.cc#L2616,
> which uses a "dynamic" format string without any argument. AFAICT, the
> fmt3 is only ever initialized in
> `er_print_experiment::overview_summary` and if I read it correctly,
> it's initialized to a string with no actual formatting inputs other
> than a `%%`. It is used, however, twice in
> `er_print_experiment::overview_value`, one given two zeros as the
> arguments and one given no arguments so it looks a bit suspicious.
>
> The git log shows now history of this file so I'm not sure what's the
> intention but my best guess is
>
> 1. the `fprintf (out_file, fmt3, 0., 0.);` was meant to be using
> `fmt4`. (I assume this is to avoid nan from total_value = 0), or
> 2. since fmt3 is actually a string that's more or less "0.0 (0.0)"
> with padding, the two `0.`s passed to fmt3 are probably bogus and it
> should be the same as the `fprintf (out_file, fmt3);` below
>
> if my understanding is correct, I think in either case one can simply
> avoid using fmt3 with fprintf by just removing the extra % from it and
> directly write it to the output instead. (i.e.
> https://gist.github.com/yuyichao/7e7cc2f240a1a6e92a1b2a9da8eb3905)
> Did I miss anything?
>
> Yichao
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: Werror=format-security issue from gprofng/src/Print.cc
2022-06-10 17:20 ` Fwd: " Vladimir Mezentsev
@ 2022-06-12 22:29 ` Yichao Yu
0 siblings, 0 replies; 3+ messages in thread
From: Yichao Yu @ 2022-06-12 22:29 UTC (permalink / raw)
To: Vladimir Mezentsev; +Cc: gdb
On Fri, Jun 10, 2022 at 1:20 PM Vladimir Mezentsev <
vladimir.mezentsev@oracle.com> wrote:
>
> This is 28968 <https://sourceware.org/bugzilla/show_bug.cgi?id=28968> -
> gprofng doesn't build with -Werror=format-security
>
> I'm working on it. I'll fix it by Monday/Tuesday.
>
Awesome!
There are a few more cases that are less of a logical issue (not used with
variable number of arguments)
glad it's being taken care of.
Yichao
>
> -Vladimir
>
>
> Vladimir, can you look at this?
>
>
>
> -------- Forwarded Message --------
> Subject: Werror=format-security issue from gprofng/src/Print.cc
> Date: Tue, 7 Jun 2022 10:49:50 -0400
> From: Yichao Yu via Gdb <gdb@sourceware.org> <gdb@sourceware.org>
> Reply-To: Yichao Yu <yyc1992@gmail.com> <yyc1992@gmail.com>
> To: gdb@sourceware.org
>
>
>
> I got a format-security werror on gprofng/src/Print.cc when trying to
> build the master version of gdb (the compiler flag is added by the
> archlinuxcn build machine).
>
> While I could disable the flag, I think there might be a real issue
> looking at the code.
>
> The line that causes the issue ishttps://github.com/bminor/binutils-gdb/blob/master/gprofng/src/Print.cc#L2616,
> which uses a "dynamic" format string without any argument. AFAICT, the
> fmt3 is only ever initialized in
> `er_print_experiment::overview_summary` and if I read it correctly,
> it's initialized to a string with no actual formatting inputs other
> than a `%%`. It is used, however, twice in
> `er_print_experiment::overview_value`, one given two zeros as the
> arguments and one given no arguments so it looks a bit suspicious.
>
> The git log shows now history of this file so I'm not sure what's the
> intention but my best guess is
>
> 1. the `fprintf (out_file, fmt3, 0., 0.);` was meant to be using
> `fmt4`. (I assume this is to avoid nan from total_value = 0), or
> 2. since fmt3 is actually a string that's more or less "0.0 (0.0)"
> with padding, the two `0.`s passed to fmt3 are probably bogus and it
> should be the same as the `fprintf (out_file, fmt3);` below
>
> if my understanding is correct, I think in either case one can simply
> avoid using fmt3 with fprintf by just removing the extra % from it and
> directly write it to the output instead. (i.e.https://gist.github.com/yuyichao/7e7cc2f240a1a6e92a1b2a9da8eb3905)
> Did I miss anything?
>
> Yichao
>
>
>
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2022-06-12 22:30 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-06-07 14:49 Werror=format-security issue from gprofng/src/Print.cc Yichao Yu
[not found] ` <fdb91dc6-2e5d-fd95-1cf6-56a1839ff231@oracle.com>
2022-06-10 17:20 ` Fwd: " Vladimir Mezentsev
2022-06-12 22:29 ` Yichao Yu
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).