From: Yichao Yu
Date: Sun, 12 Jun 2022 18:29:49 -0400
Subject: Re: Werror=format-security issue from gprofng/src/Print.cc
To: Vladimir Mezentsev
Cc: gdb@sourceware.org

On Fri, Jun 10, 2022 at 1:20 PM Vladimir Mezentsev <vladimir.mezentsev@oracle.com> wrote:

> This is 28968 - gprofng doesn't build with -Werror=format-security
>
> I'm working on it. I'll fix it by Monday/Tuesday.

Awesome! There are a few more cases that are less of a logical issue (not used with variable number of arguments). Glad it's being taken care of.

Yichao

> -Vladimir
>
> Vladimir, can you look at this?
>
> -------- Forwarded Message --------
> Subject: Werror=format-security issue from gprofng/src/Print.cc
> Date: Tue, 7 Jun 2022 10:49:50 -0400
> From: Yichao Yu via Gdb
> Reply-To: Yichao Yu
> To: gdb@sourceware.org
>
> I got a format-security werror on gprofng/src/Print.cc when trying to
> build the master version of gdb (the compiler flag is added by the
> archlinuxcn build machine).
>
> While I could disable the flag, I think there might be a real issue
> looking at the code.
>
> The line that causes the issue is https://github.com/bminor/binutils-gdb/blob/master/gprofng/src/Print.cc#L2616,
> which uses a "dynamic" format string without any argument. AFAICT, the
> fmt3 is only ever initialized in
> `er_print_experiment::overview_summary` and if I read it correctly,
> it's initialized to a string with no actual formatting inputs other
> than a `%%`. It is used, however, twice in
> `er_print_experiment::overview_value`, one given two zeros as the
> arguments and one given no arguments so it looks a bit suspicious.
>
> The git log shows no history of this file so I'm not sure what's the
> intention but my best guess is
>
> 1. the `fprintf (out_file, fmt3, 0., 0.);` was meant to be using
> `fmt4`. (I assume this is to avoid nan from total_value = 0), or
> 2. since fmt3 is actually a string that's more or less "0.0 (0.0)"
> with padding, the two `0.`s passed to fmt3 are probably bogus and it
> should be the same as the `fprintf (out_file, fmt3);` below
>
> If my understanding is correct, I think in either case one can simply
> avoid using fmt3 with fprintf by just removing the extra % from it and
> directly write it to the output instead. (i.e. https://gist.github.com/yuyichao/7e7cc2f240a1a6e92a1b2a9da8eb3905)
> Did I miss anything?
>
> Yichao
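
The check the message reasons through by hand (does a runtime-built format consume any arguments?) together with the suggested fix of writing the text directly, as an added C++ example. It is not code from the thread, the linked gist or gprofng; the helper names and the sample strings standing in for `fmt3` are assumptions constructed for illustration.

```cpp
// Added example: constructed code, not taken from gprofng/src/Print.cc.
#include <cstdio>
#include <cstring>
#include <string>

// Count the arguments a printf-style format would consume.
// "%%" consumes none; any other conversion consumes one, plus one per '*'.
// A lone '%' at the end of the string is counted as a malformed conversion.
static int args_consumed(const char *fmt) {
    int n = 0;
    for (const char *p = fmt; *p; ++p) {
        if (*p != '%') continue;
        ++p;
        if (*p == '%') continue;                 // escaped percent sign
        ++n;
        // Skip flags, width, precision and length modifiers.
        while (*p && std::strchr("-+ #0123456789.*hlLqjzt", *p)) {
            if (*p == '*') ++n;                  // '*' takes an int argument
            ++p;
        }
        if (!*p) break;                          // format ended mid-conversion
    }
    return n;
}

// Convert a format whose only '%' uses are "%%" into the text it would print.
// Returns false and leaves `out` untouched if the format expects arguments.
static bool format_to_literal(const char *fmt, std::string &out) {
    if (args_consumed(fmt) != 0) return false;
    std::string text;
    for (const char *p = fmt; *p; ++p) {
        text += *p;
        if (*p == '%') ++p;                      // drop the second '%' of the pair
    }
    out = text;
    return true;
}

// Hardened writer: the string is passed to fputs as data, never as a format.
static bool write_cell(FILE *out_file, const char *fmt) {
    std::string text;
    return format_to_literal(fmt, text) && std::fputs(text.c_str(), out_file) >= 0;
}

int main() {
    const char *fmt3 = "   0.000 (  0.00%%)";    // constructed stand-in for fmt3
    bool ok = write_cell(stdout, fmt3);
    std::fputc('\n', stdout);
    return ok ? 0 : 1;
}
```

Because the string reaches `fputs` rather than `fprintf`, the block has no non-literal format call for `-Werror=format-security` to reject.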