* Werror=format-security issue from gprofng/src/Print.cc @ 2022-06-07 14:49 Yichao Yu [not found] ` <fdb91dc6-2e5d-fd95-1cf6-56a1839ff231@oracle.com> 0 siblings, 1 reply; 3+ messages in thread From: Yichao Yu @ 2022-06-07 14:49 UTC (permalink / raw) To: gdb I got a format-security werror on gprofng/src/Print.cc when trying to build the master version of gdb (the compiler flag is added by the archlinuxcn build machine). While I could disable the flag, I think there might be a real issue looking at the code. The line that causes the issue is https://github.com/bminor/binutils-gdb/blob/master/gprofng/src/Print.cc#L2616, which uses a "dynamic" format string without any argument. AFAICT, the fmt3 is only ever initialized in `er_print_experiment::overview_summary` and if I read it correctly, it's initialized to a string with no actual formatting inputs other than a `%%`. It is used, however, twice in `er_print_experiment::overview_value`, one given two zeros as the arguments and one given no arguments so it looks a bit suspicious. The git log shows now history of this file so I'm not sure what's the intention but my best guess is 1. the `fprintf (out_file, fmt3, 0., 0.);` was meant to be using `fmt4`. (I assume this is to avoid nan from total_value = 0), or 2. since fmt3 is actually a string that's more or less "0.0 (0.0)" with padding, the two `0.`s passed to fmt3 are probably bogus and it should be the same as the `fprintf (out_file, fmt3);` below if my understanding is correct, I think in either case one can simply avoid using fmt3 with fprintf by just removing the extra % from it and directly write it to the output instead. (i.e. https://gist.github.com/yuyichao/7e7cc2f240a1a6e92a1b2a9da8eb3905) Did I miss anything? Yichao ^ permalink raw reply [flat|nested] 3+ messages in thread
[parent not found: <fdb91dc6-2e5d-fd95-1cf6-56a1839ff231@oracle.com>]
* Fwd: Werror=format-security issue from gprofng/src/Print.cc [not found] ` <fdb91dc6-2e5d-fd95-1cf6-56a1839ff231@oracle.com> @ 2022-06-10 17:20 ` Vladimir Mezentsev 2022-06-12 22:29 ` Yichao Yu 0 siblings, 1 reply; 3+ messages in thread From: Vladimir Mezentsev @ 2022-06-10 17:20 UTC (permalink / raw) To: gdb, yyc1992 This is 28968 <https://sourceware.org/bugzilla/show_bug.cgi?id=28968> - gprofng doesn't build with -Werror=format-security I'm working on it. I'll fix it by Monday/Tuesday. -Vladimir > Vladimir, can you look at this? > > > > -------- Forwarded Message -------- > Subject: Werror=format-security issue from gprofng/src/Print.cc > Date: Tue, 7 Jun 2022 10:49:50 -0400 > From: Yichao Yu via Gdb<gdb@sourceware.org> > Reply-To: Yichao Yu<yyc1992@gmail.com> > To: gdb@sourceware.org > > > > I got a format-security werror on gprofng/src/Print.cc when trying to > build the master version of gdb (the compiler flag is added by the > archlinuxcn build machine). > > While I could disable the flag, I think there might be a real issue > looking at the code. > > The line that causes the issue is > https://github.com/bminor/binutils-gdb/blob/master/gprofng/src/Print.cc#L2616, > which uses a "dynamic" format string without any argument. AFAICT, the > fmt3 is only ever initialized in > `er_print_experiment::overview_summary` and if I read it correctly, > it's initialized to a string with no actual formatting inputs other > than a `%%`. It is used, however, twice in > `er_print_experiment::overview_value`, one given two zeros as the > arguments and one given no arguments so it looks a bit suspicious. > > The git log shows now history of this file so I'm not sure what's the > intention but my best guess is > > 1. the `fprintf (out_file, fmt3, 0., 0.);` was meant to be using > `fmt4`. (I assume this is to avoid nan from total_value = 0), or > 2. since fmt3 is actually a string that's more or less "0.0 (0.0)" > with padding, the two `0.`s passed to fmt3 are probably bogus and it > should be the same as the `fprintf (out_file, fmt3);` below > > if my understanding is correct, I think in either case one can simply > avoid using fmt3 with fprintf by just removing the extra % from it and > directly write it to the output instead. (i.e. > https://gist.github.com/yuyichao/7e7cc2f240a1a6e92a1b2a9da8eb3905) > Did I miss anything? > > Yichao ^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: Werror=format-security issue from gprofng/src/Print.cc 2022-06-10 17:20 ` Fwd: " Vladimir Mezentsev @ 2022-06-12 22:29 ` Yichao Yu 0 siblings, 0 replies; 3+ messages in thread From: Yichao Yu @ 2022-06-12 22:29 UTC (permalink / raw) To: Vladimir Mezentsev; +Cc: gdb On Fri, Jun 10, 2022 at 1:20 PM Vladimir Mezentsev < vladimir.mezentsev@oracle.com> wrote: > > This is 28968 <https://sourceware.org/bugzilla/show_bug.cgi?id=28968> - > gprofng doesn't build with -Werror=format-security > > I'm working on it. I'll fix it by Monday/Tuesday. > Awesome! There are a few more cases that are less of a logical issue (not used with variable number of arguments) glad it's being taken care of. Yichao > > -Vladimir > > > Vladimir, can you look at this? > > > > -------- Forwarded Message -------- > Subject: Werror=format-security issue from gprofng/src/Print.cc > Date: Tue, 7 Jun 2022 10:49:50 -0400 > From: Yichao Yu via Gdb <gdb@sourceware.org> <gdb@sourceware.org> > Reply-To: Yichao Yu <yyc1992@gmail.com> <yyc1992@gmail.com> > To: gdb@sourceware.org > > > > I got a format-security werror on gprofng/src/Print.cc when trying to > build the master version of gdb (the compiler flag is added by the > archlinuxcn build machine). > > While I could disable the flag, I think there might be a real issue > looking at the code. > > The line that causes the issue ishttps://github.com/bminor/binutils-gdb/blob/master/gprofng/src/Print.cc#L2616, > which uses a "dynamic" format string without any argument. AFAICT, the > fmt3 is only ever initialized in > `er_print_experiment::overview_summary` and if I read it correctly, > it's initialized to a string with no actual formatting inputs other > than a `%%`. It is used, however, twice in > `er_print_experiment::overview_value`, one given two zeros as the > arguments and one given no arguments so it looks a bit suspicious. > > The git log shows now history of this file so I'm not sure what's the > intention but my best guess is > > 1. the `fprintf (out_file, fmt3, 0., 0.);` was meant to be using > `fmt4`. (I assume this is to avoid nan from total_value = 0), or > 2. since fmt3 is actually a string that's more or less "0.0 (0.0)" > with padding, the two `0.`s passed to fmt3 are probably bogus and it > should be the same as the `fprintf (out_file, fmt3);` below > > if my understanding is correct, I think in either case one can simply > avoid using fmt3 with fprintf by just removing the extra % from it and > directly write it to the output instead. (i.e.https://gist.github.com/yuyichao/7e7cc2f240a1a6e92a1b2a9da8eb3905) > Did I miss anything? > > Yichao > > > ^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2022-06-12 22:30 UTC | newest] Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed) -- links below jump to the message on this page -- 2022-06-07 14:49 Werror=format-security issue from gprofng/src/Print.cc Yichao Yu [not found] ` <fdb91dc6-2e5d-fd95-1cf6-56a1839ff231@oracle.com> 2022-06-10 17:20 ` Fwd: " Vladimir Mezentsev 2022-06-12 22:29 ` Yichao Yu
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).