From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mx0a-00069f02.pphosted.com (mx0a-00069f02.pphosted.com [205.220.165.32]) by sourceware.org (Postfix) with ESMTPS id 53688385C325 for ; Fri, 10 Jun 2022 17:20:58 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.1 sourceware.org 53688385C325 Received: from pps.filterd (m0246627.ppops.net [127.0.0.1]) by mx0b-00069f02.pphosted.com (8.17.1.5/8.17.1.5) with ESMTP id 25AEOi2E013371; Fri, 10 Jun 2022 17:20:56 GMT Received: from phxpaimrmta01.imrmtpd1.prodappphxaev1.oraclevcn.com (phxpaimrmta01.appoci.oracle.com [138.1.114.2]) by mx0b-00069f02.pphosted.com (PPS) with ESMTPS id 3gfydqx5bp-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Fri, 10 Jun 2022 17:20:56 +0000 Received: from pps.filterd (phxpaimrmta01.imrmtpd1.prodappphxaev1.oraclevcn.com [127.0.0.1]) by phxpaimrmta01.imrmtpd1.prodappphxaev1.oraclevcn.com (8.16.1.2/8.16.1.2) with SMTP id 25AHGrT3033282; Fri, 10 Jun 2022 17:20:55 GMT Received: from nam10-mw2-obe.outbound.protection.outlook.com (mail-mw2nam10lp2104.outbound.protection.outlook.com [104.47.55.104]) by phxpaimrmta01.imrmtpd1.prodappphxaev1.oraclevcn.com with ESMTP id 3gfwu66a9e-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Fri, 10 Jun 2022 17:20:55 +0000 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=TpAdBqrR3RlYvtI+5KDQNWWsnbYUR6b4VnUMLL16J4/wI1vSBolSkIZfIyIl2spW3mJ28md3xfLxRMrBotTDP9CUCgU8XxyTbH6lm6VG1JuOL6pgdFOlz5c9ECpzP+F7scjmnA7U7exx3F7iaK007nSEhAuV5Cw8PSvrGLkQ8HJuFGnSLCmzkG4W0D3LEPyaEulBm9SXRUY9HFONXqQph5ORP+OXaQExekuc0JOGcBq4wIV265kzQuh1dGqvc1Xa6FOe23FijpAZZ9rHrQH6VtgNR0YKWaKuqypb5p46dRTZlBByznxcoL64KlZGwRMRkwaMJBRreWxRtlGooXGw+g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=dYl4ooYo2imiCh28yVWVcaSSkgPAJHbCl1VPGHaXt8Y=; b=Mjvb3OQbgAR8kqq23GWldUCf1I/gYfYDctg+c4ppWIV8OZbFykZcD5UqPpKbCzgVs6ZWXMnqTxnb4P4xsw6EI8yBxnM94xipGepTZZxxF8QSfKNz5XaOeIjLbtsl+lSn1B3vOeAvNq6kndrfydP2XP3FNzwvzWGisY8EvyIlurNCGlAkCSRF8hjpWSrCjX0VjhOz1dB9Kz0RwURtXkGodybsr9OfYN5djczuxDRSU+Uumj8GtFGm5vd31O1F14wN8kMjIwW8qvGT3epl8btspmk/aSgQzZpaBKx/pCE0NoAOqyXih2c/J2rhrtwl1pgBEWjdUMPYBI8THzoUBpooqw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=oracle.com; dmarc=pass action=none header.from=oracle.com; dkim=pass header.d=oracle.com; arc=none Received: from PH0PR10MB4629.namprd10.prod.outlook.com (2603:10b6:510:31::10) by DM6PR10MB2937.namprd10.prod.outlook.com (2603:10b6:5:69::22) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5332.14; Fri, 10 Jun 2022 17:20:53 +0000 Received: from PH0PR10MB4629.namprd10.prod.outlook.com ([fe80::5168:5257:a83f:4f20]) by PH0PR10MB4629.namprd10.prod.outlook.com ([fe80::5168:5257:a83f:4f20%6]) with mapi id 15.20.5332.013; Fri, 10 Jun 2022 17:20:52 +0000 Message-ID: <830ae07b-3c4a-4716-7666-6e7d9cf422d1@oracle.com> Date: Fri, 10 Jun 2022 10:20:50 -0700 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Thunderbird/91.10.0 Subject: Fwd: Werror=format-security issue from gprofng/src/Print.cc Content-Language: en-US To: gdb@sourceware.org, yyc1992@gmail.com References: From: Vladimir Mezentsev In-Reply-To: X-ClientProxiedBy: SN7P220CA0019.NAMP220.PROD.OUTLOOK.COM (2603:10b6:806:123::24) To PH0PR10MB4629.namprd10.prod.outlook.com (2603:10b6:510:31::10) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: 0c583735-ebad-485a-6b16-08da4b059211 X-MS-TrafficTypeDiagnostic: DM6PR10MB2937:EE_ X-Microsoft-Antispam-PRVS: X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: KVS6QW8UHR8NDgUgaKHSH/ebwF3ALPJYFKod2BMLoSnnUlIJuyejDXODzK2CFM2DaB2uIiRYVuxgILJNRejLnRHJZeivFYMMabGBzZARuCkLOmca3AP7KOhmEXQaGBAtM9xmRptKdlylr4LVktJQeo1VunLL6QcYNHMX7G7J1Wae8VeyoPTliLVDdLqv2tnNFQn597x/utDRyYcGpV3gvJcTjFyPGezlNGH1AAwVPcynpCO4KaoQuyTpOojt+UgFLPr+luuzCVV8qf0gJilKTskMvLyrvwgwt2XGgOSGT/JQAgsosdzcPtdq34TE3r8c6XBML8X/7OSGOx9iAUsw39RWIQSKOg9krZ83mK1zu3XpKGycm3xjKrItmFnj2pCzKZoNpm7hFoxiDSTOlJIDcBhEI+Pay+AbFqK5YAw1SGygLAnELurm0+v4qDt7fTcH1ZCpwjj4o1fE4F+vkYJx8aE11DLXririjCHeEkZplG3AiOYnRlG7u2JPiUp++ODWiaRDzpWtIa2rVmNC1AJyh9tzDrrYuXZWj0uS5rj3lig53AXv1hr3IPOLPVeeXBpcVGkd+y3R7qlLR7UdsNflLmJKu13HUFfnnfWL5sv5VQxtByObORuRH4WwmP8iqayFc0j1m+eiGGilyUjmF3jJY3gyGxMBxCkv4rAnl3pfLp6pQ+1ZHKFB1EFHTXsIyL8/7QG3r3uR1c/RPJXuWUa6q6cR+7A+wQhOXN5Vj+PBv2xd6nilElrgMjq6aWBfLLlP3WRfvNsmbU4IuZbayZ45q70nlO4fpflq2WdhhrDFjTplGzrkoZuOOl1T5RRtchyeQrVgw9F32DuFTwq15Qd4FvuLlAA589M7B+1HzgMc2PE= X-Forefront-Antispam-Report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:PH0PR10MB4629.namprd10.prod.outlook.com; PTR:; CAT:NONE; SFS:(13230001)(366004)(31686004)(36756003)(316002)(2906002)(83380400001)(15650500001)(2616005)(186003)(8936002)(31696002)(508600001)(8676002)(66946007)(44832011)(66556008)(6512007)(66476007)(166002)(5660300002)(6506007)(6486002)(33964004)(966005)(38100700002)(86362001)(45980500001)(43740500002); DIR:OUT; SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 2 X-MS-Exchange-AntiSpam-MessageData-0: =?utf-8?B?TXA0bWdMSnJYVmlLS1cwNmZseUxjcXh3L01sYUJYb2RKd1hML00yWlMramRx?= =?utf-8?B?L1JUc3h1bHFRcFVzSERYT01CakllbFExL3g4SEFLNkFKRVdFWDJvc0cxd21W?= =?utf-8?B?N3M1aGZqQTIvYUF5amtqNmV5WTRCSUxEVUJPQlJjR1M0RG1SL0o3UTNneVN0?= =?utf-8?B?RWx6ZEpCK3UzS0dOcjBHZlVNY3JMUjJVWkNTZ3RPUWkvc0VKWWZNNlJCWi92?= =?utf-8?B?MnJNc1UrNE9IbjdxY0Jrd3FSTDQ2Z1VxMEFDRUFNaERZRUhwcWNWcy95QkRP?= =?utf-8?B?N3lwOWtFZzAwaW11cDBBRzFBdUZnZld3QVV4SVFDZTc1ejNUTEJnbjVnWUZv?= =?utf-8?B?bWNKMm54R2F5NHllcTJxNm5wR0dqLzNFSXh0VFIwY0RhNkQwL2lMekg5KzY3?= =?utf-8?B?UVNQR2ZYTUg3d0p5M2tHRVZnb01rRVRQTVdFajRaKzRJamV4SzZCbHZSREts?= =?utf-8?B?a1VWaU1WZ25KaGZ1STkxeVY1QXBvMFNUeVBrZGFyMnZZQzhUMEdPNnZKb1c3?= =?utf-8?B?cjdxMEFiUGxEM0h6aUFiZmlGeUxndXpad0RzMmFkOWlkb0krdTR2RkVseFVG?= =?utf-8?B?UDU1R0NsdEJBSVgvRTJXUzFGaUk0bWtlZjlOQUxEektnUk5ia3VFYldwZEUr?= =?utf-8?B?OXJlRU11bTc0T0FLbVlPR2RNRTBMUXIzMTJTVFhIeVlHdXZnbXZ0dW80emho?= =?utf-8?B?WndkdVJSQmhsOWNyWjFmaHdkaER4cFJMcUEvU2IwUXlZODBZQi9VdldVZ3JO?= =?utf-8?B?NEx6WHFtSVhZbVlSUG9PbmxidmhhREZmL0VJMjNyTDB6clFHSFJ2aVMraUlp?= =?utf-8?B?VmZWNXJ4Z0lTQXVYSHM0VHM1c2VpWjU0dGp6eEoxck9nMFlROWhRWG9SNEI3?= =?utf-8?B?Mzc3QnU4dTZjcFo0UVBTVW1iaVNZL0ZYQ0xza2c4WXBxbzdjRmZIVkZQVUZo?= =?utf-8?B?U3V1eU1IRFozWDltL2o5dlRheGZqTUpJNFltdERoL0lvSmF2V2F2Um1Oa1Yx?= =?utf-8?B?Qm5hbFVJbnk0aU1sbENnZ0szOHlNNkdBNHloSDhNYnJBcGxSdmxVUDBlSis3?= =?utf-8?B?MzJtTURkbVVJdEJZZysrT1ZlblZtL052K1pnSFFhUU94VDhUeXhFd3N4ZU14?= =?utf-8?B?UVQ3azF6N0RRRHcvcFpXNnVma0FRK21OV2tpM1lpRWMyOVN0WUFxTnJuZXp0?= =?utf-8?B?OHpPcmk1MkxkYklKRUtiR0ttRzZtOVlrZWtJNjJyOWoxOVJDN3YydS8weXZC?= =?utf-8?B?RCtyNnhVSjlmd1NEcGhyU0J3Q1J5UEthSFJsMEZucENESVFIM2pabDdCN3pa?= =?utf-8?B?dUlST25SS254L21ZV3hneWRNOEhRNHBMcXhQZDg2Y3hoYUxjbVNWTWNGZmRK?= =?utf-8?B?dGU5UlR0Z2lEVFF5Zy9qcmtDUGNZdWd3QUtiQzdwZ2NWdmNSdjRtVmZaaHNq?= =?utf-8?B?MUF5RGY4TENQaHR4K3FYZWhyTE45WVdZbmlUbmVublhQRnY4VjRUZ1FvUzZi?= =?utf-8?B?d2NRR0ZNWG11YXpQeFRDazA5VlVBSUNxWnM0bkpZaVhZeHhHK3FaTGxlWFhE?= =?utf-8?B?N1kzc25IdWw2VmwwbzhoK1gyMGlUMzl1Wjh5MzdyZzl1dmxPQXpHaGp5RFNE?= =?utf-8?B?bm9aT2ZGUHV6Qk0ySEsxYUlSZ0dXa1RNbjZYQnlXTjMyWWl0bzZENGNuSGFl?= =?utf-8?B?NFV0WTBrN0NiYjhwOWJ3dDlnVG1DRWRldGlLQnYySjVGY0VvNERvNC9KYURa?= =?utf-8?B?bzlIWUc2SUt0YURBWmRSUW42YVRXWk5La1pZK1ZGUWtUaWdRd2dvdFBnVnVW?= =?utf-8?B?amlGL3l6QnV3ZXJtRWgzV0IxbkZVbFVEbXRaN2JPZUNiNWRnSnRralNGcmNT?= =?utf-8?B?eTZBL1ROY3U1V0hSSGxoZFdtSDBMS3hHbUhXM3RQUGxIdE5COGJYRTdPZUR5?= =?utf-8?B?cnVGMzRFOTFUWSt5WjVNb0plS0ZYSzg4bzgvQk9xd3FDMTNCa09waUFGMlRs?= =?utf-8?B?R0hnWUtMNjJST01rRnJHWUR4QWZzSFIxUEVXRFFSV1Jad045cTlRUE02V2t5?= =?utf-8?B?YkIvNWNVOU9PeHQreXlvTTVVZ0gvRW5rbzAvVVNZdEdDd1U4d2hwSDRvQ3p4?= =?utf-8?B?d0RqRHcyUHllOE5XMGg4OGl2WVZNeWVoZTJBM0tITmtPNVZyM3oyeS9zdGxK?= =?utf-8?B?TTJmR24xZkYrc3kyNUFsbGNUaDNQeWtNQWZENkZuNWhTbUVadWRaUEJyRStI?= =?utf-8?B?T2E5dlRQYkxDYkQrR2xRYXFPUGNvWTIremFQODh5SklaT2ZOaG9QM01pa2tj?= =?utf-8?B?N0kvMS9oRGIxVmZTcnZqakF1OEtKcHhNQTljMmhWKzNzUVhHNmRuVER2NnNL?= =?utf-8?Q?tDHyml/xqY3UrzuR6W6GqMhc3D7nDLKZRw78GQVbwzUA7?= X-MS-Exchange-AntiSpam-MessageData-1: nJ34/AOUMJIYmg== X-OriginatorOrg: oracle.com X-MS-Exchange-CrossTenant-Network-Message-Id: 0c583735-ebad-485a-6b16-08da4b059211 X-MS-Exchange-CrossTenant-AuthSource: PH0PR10MB4629.namprd10.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 10 Jun 2022 17:20:52.5287 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 4e2c6054-71cb-48f1-bd6c-3a9705aca71b X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: zzqpelT2CcmYCpYw8qGDkPWUA03KB9eSfy33gIz7MW/GKmk2d2YqiMWQB0t7UUDXMk5hFXWLcoCZD7fHMRAA5rDEqfasHw6Te2gA0RLKX2k= X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM6PR10MB2937 X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.517, 18.0.874 definitions=2022-06-10_06:2022-06-09, 2022-06-10 signatures=0 X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 malwarescore=0 bulkscore=0 spamscore=0 phishscore=0 mlxscore=0 adultscore=0 suspectscore=0 mlxlogscore=999 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2204290000 definitions=main-2206100068 X-Proofpoint-GUID: n0yewEyJQ0jaZbicbKjkpqgggeGS_LR2 X-Proofpoint-ORIG-GUID: n0yewEyJQ0jaZbicbKjkpqgggeGS_LR2 X-Spam-Status: No, score=-4.6 required=5.0 tests=BAYES_00, DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, HTML_MESSAGE, RCVD_IN_DNSWL_LOW, RCVD_IN_MSPIKE_H2, SPF_HELO_NONE, SPF_NONE, TXREP, T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit X-Content-Filtered-By: Mailman/MimeDel 2.1.29 X-BeenThere: gdb@sourceware.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Gdb mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 10 Jun 2022 17:21:00 -0000  This is 28968 - gprofng doesn't build with -Werror=format-security I'm working on it. I'll fix it by Monday/Tuesday. -Vladimir > Vladimir, can you look at this? > > > > -------- Forwarded Message -------- > Subject: Werror=format-security issue from gprofng/src/Print.cc > Date: Tue, 7 Jun 2022 10:49:50 -0400 > From: Yichao Yu via Gdb > Reply-To: Yichao Yu > To: gdb@sourceware.org > > > > I got a format-security werror on gprofng/src/Print.cc when trying to > build the master version of gdb (the compiler flag is added by the > archlinuxcn build machine). > > While I could disable the flag, I think there might be a real issue > looking at the code. > > The line that causes the issue is > https://github.com/bminor/binutils-gdb/blob/master/gprofng/src/Print.cc#L2616, > which uses a "dynamic" format string without any argument. AFAICT, the > fmt3 is only ever initialized in > `er_print_experiment::overview_summary` and if I read it correctly, > it's initialized to a string with no actual formatting inputs other > than a `%%`. It is used, however, twice in > `er_print_experiment::overview_value`, one given two zeros as the > arguments and one given no arguments so it looks a bit suspicious. > > The git log shows now history of this file so I'm not sure what's the > intention but my best guess is > > 1. the `fprintf (out_file, fmt3, 0., 0.);` was meant to be using > `fmt4`. (I assume this is to avoid nan from total_value = 0), or > 2. since fmt3 is actually a string that's more or less "0.0 (0.0)" > with padding, the two `0.`s passed to fmt3 are probably bogus and it > should be the same as the `fprintf (out_file, fmt3);` below > > if my understanding is correct, I think in either case one can simply > avoid using fmt3 with fprintf by just removing the extra % from it and > directly write it to the output instead. (i.e. > https://gist.github.com/yuyichao/7e7cc2f240a1a6e92a1b2a9da8eb3905) > Did I miss anything? > > Yichao