Skip to content

build: fix -Wformat-security check when compiling with GCC #18882

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Jul 15, 2020
Merged

build: fix -Wformat-security check when compiling with GCC #18882

merged 1 commit into from
Jul 15, 2020

Conversation

fanquake
Copy link
Member

@fanquake fanquake commented May 5, 2020

GCC expects -Wformat to be passed with -Wformat-security, which means
when we test for it in configure it currently fails:

checking whether C++ compiler accepts -Wformat-security... no
...
configure:15907: checking whether C++ compiler accepts -Wformat-security
configure:15926: g++ -std=c++11 -c -g -O2 -Werror -Wformat-security  conftest.cpp >&5
cc1plus: error: '-Wformat-security' ignored without '-Wformat' [-Werror=format-security]
cc1plus: all warnings being treated as errors

and never gets added to our CXX flags. Note that Clang does not have this requirement and the check is working correctly there.

The change in this PR is the simple fix, however we might want to consider using something like -Wformat=2 in future, which in GCC is equivalent to -Wformat -Wformat-nonliteral -Wformat-security -Wformat-y2k. and similar in Clang.

@fanquake fanquake mentioned this pull request May 5, 2020
Closed
@maflcko
Copy link
Member

maflcko commented May 5, 2020

I don't think we use printf, do we?

vasild
vasild reviewed May 5, 2020
View reviewed changes
configure.ac Outdated
AX_CHECK_COMPILE_FLAG([-Wformat-security],[WARN_CXXFLAGS="$WARN_CXXFLAGS -Wformat-security"],,[[$CXXFLAG_WERROR]])
AX_CHECK_COMPILE_FLAG([-Wformat -Wformat-security],[WARN_CXXFLAGS="$WARN_CXXFLAGS -Wformat-security"],,[[$CXXFLAG_WERROR]])
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think it is counter intuitive to test whether flag X is supported and if yes, then compile with flag Y. IMO it is better to always have X equal to Y. In this particular case the code would depend on -Wformat being already set from somewhere else and would break if that is removed.

Having that in mind, would it be better to test whether -Wformat -Wformat-security is supported and if yes, then enable -Wformat -Wformat-security? We would end up with -Wformat being mentioned twice in the flags, but there is no downside to that?

@DrahtBot
Copy link
Contributor

DrahtBot commented May 5, 2020
edited
Loading

The following sections might be updated with supplementary metadata relevant to reviewers and maintainers.

Conflicts

Reviewers, this pull request conflicts with the following ones:

If you consider this pull request important, please also help to review the conflicting pull requests. Ideally, start with the one that should be merged first.

@fanquake
Copy link
Member Author

fanquake commented May 6, 2020

Looks like the issue here is more nuanced. -Wformat-security will be accepted alone by Ubuntu GCC, but not Debian GCC:

# cat /etc/debian_version 
bullseye/sid

# g++ --version
g++ (Ubuntu 9.3.0-10ubuntu2) 9.3.0
Copyright (C) 2019 Free Software Foundation, Inc.
This is free software; see the source for copying conditions.  There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

# g++ test.cpp -Wformat-security
#
# cat /etc/debian_version 
bullseye/sid

# g++ --version
g++ (Debian 9.3.0-11) 9.3.0
Copyright (C) 2019 Free Software Foundation, Inc.
This is free software; see the source for copying conditions.  There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

# g++ test.cpp -Wformat-security
cc1plus: warning: '-Wformat-security' ignored without '-Wformat' [-Wformat-security]
#

I think I'll just look at switching to -Wformat=2. That should achieve the same result without the need for any additional flags.

@laanwj
Copy link
Member

laanwj commented May 6, 2020
edited
Loading

I don't think we use printf, do we?

I also wonder. Not that it hurts to enable the warning, but it seems pointless for our project.

@maflcko
Copy link
Member

maflcko commented May 6, 2020

Is the reason so that we check during compilation of subtrees or header files of libs?

@DrahtBot DrahtBot mentioned this pull request May 9, 2020
Merged
@bitcoin bitcoin deleted a comment from DrahtBot May 28, 2020
@bitcoin bitcoin deleted a comment from DrahtBot May 28, 2020
@DrahtBot
Copy link
Contributor

🐙 This pull request conflicts with the target branch and needs rebase.

@fanquake fanquake force-pushed the fix_gcc_wformat_security branch from 3c04a7a to 987c7df Compare July 15, 2020 09:48
@fanquake
build: fix -Wformat-security check when compiling with GCC
6cef365 
Debian GCC ignores -Wformat-security, without -Wformat, which
means when we test for it, it currently fails:

```bash
checking whether C++ compiler accepts -Wformat-security... no
...
configure:15907: checking whether C++ compiler accepts -Wformat-security
configure:15926: g++ -std=c++11 -c -g -O2 -Werror -Wformat-security  conftest.cpp >&5
cc1plus: error: '-Wformat-security' ignored without '-Wformat' [-Werror=format-security]
cc1plus: all warnings being treated as errors
```

Fix this by just combining the -Wformat and -Wformat-security checks
together.
@fanquake fanquake force-pushed the fix_gcc_wformat_security branch from 987c7df to 6cef365 Compare July 15, 2020 09:50
@fanquake
Copy link
Member Author

I've modified the change to just combine the checking for -Wformat and -Wformat-security. This will fix the issue with Debian GCC, and worked fine with all of the compilers I tested which included:

Apple Clang: 11.0.3 (clang-1103.0.32.62)
Alpine GCC: gcc (Alpine 9.3.0) 9.3.0
Debian GCC: gcc (Debian 8.3.0-6) 8.3.0
Fedora GCC: gcc (GCC) 10.1.1 20200507 (Red Hat 10.1.1-1)
LLVM Clang: 10.0.0
Ubuntu GCC: gcc (Ubuntu 9.3.0-10ubuntu2) 9.3.0

@vasild and maybe @hebasto would you like to take another look?

@maflcko
Copy link
Member

maflcko commented Jul 15, 2020

Any reason to not use wformat=2 as pointed out in OP?

@fanquake
Copy link
Member Author

Any reason to not use wformat=2 as pointed out in OP?

I don't have the details on hand, but I remember it was generating additional warnings in in some dependencies.

@practicalswift
Copy link
Contributor

ACK 6cef365

No harm in fixing this.

@hebasto
Copy link
Member

hebasto commented Jul 15, 2020

Concept ACK.

FWIW, the -Wformat diagnostic is enabled by default in Clang, and it is enabled by the -Wall (which is already in use) in GCC.

@laanwj
Copy link
Member

laanwj commented Jul 15, 2020

ACK 6cef365

@laanwj laanwj merged commit 2c4093e into bitcoin:master Jul 15, 2020
@fanquake fanquake deleted the fix_gcc_wformat_security branch July 15, 2020 12:22
hebasto
hebasto reviewed Jul 15, 2020
View reviewed changes
Copy link
Member

@hebasto hebasto left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

post-merge ACK 6cef365, tested on Debian 10.4 (GCC 8.3.0).

@vasild
Copy link
Contributor

vasild commented Jul 16, 2020

ACK 6cef365

Excellent: test if -Wformat -Wformat-security is supported and if yes, then enable -Wformat -Wformat-security. KISS.

@bitcoin bitcoin locked as resolved and limited conversation to collaborators Feb 15, 2022
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@hebasto hebasto hebasto left review comments

+1 more reviewer

@vasild vasild vasild left review comments

Reviewers whose approvals may not affect merge requirements
Assignees
No one assigned
Labels
Build system
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
7 participants
@fanquake @maflcko @DrahtBot @laanwj @practicalswift @hebasto @vasild