Bug 1370637

Summary: _FORTIFY_SOURCE=2 in default XCFLAGS causes NSS build failure with devtoolset-4
Product: Red Hat Enterprise Linux 6 Reporter: Kai Engert (:kaie) (inactive account) <kengert>
Component: nssAssignee: nss-nspr-maint <nss-nspr-maint>
Status: CLOSED NOTABUG QA Contact: BaseOS QE Security Team <qe-baseos-security>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 6.8CC: dueno, fweimer, hkario, huzaifas, rrelyea, thoger
Target Milestone: rc   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2016-08-26 20:55:14 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Bug Depends On:    
Bug Blocks: 1298690    

Description Kai Engert (:kaie) (inactive account) 2016-08-26 20:40:23 UTC 
I'm working on bug 1298690, which requires to build NSS with the newer gcc compiler 5.3.1 included in devtoolset-4.

I'm getting build failures:

h_page.c: In function 'overflow_page':
h_page.c:985:4: error: ignoring return value of 'fwrite', declared with attribute warn_unused_result [-Werror=unused-result]
    (void)fwrite(OVMSG, 1, sizeof(OVMSG) - 1, stderr);
    ^
h_page.c:1000:4: error: ignoring return value of 'fwrite', declared with attribute warn_unused_result [-Werror=unused-result]
    (void)fwrite(OVMSG, 1, sizeof(OVMSG) - 1, stderr);
    ^
h_page.c:1026:5: error: ignoring return value of 'fwrite', declared with attribute warn_unused_result [-Werror=unused-result]
     (void)fwrite(OVMSG, 1, sizeof(OVMSG) - 1, stderr);


These are apparently caused by the following combination:

- fwrite defined with __wur in /usr/include/stdio.h

  extern size_t fwrite (__const void *__restrict __ptr, size_t __size,
                        size_t __n, FILE *__restrict __s) __wur;

- __wur defined as __attribute_warn_unused_result__ if 
  __USE_FORTIFY_LEVEL > 2

- default XCFLAGS of RPM builds containing -D_FORTIFY_SOURCE=2
Comment 1 Kai Engert (:kaie) (inactive account) 2016-08-26 20:43:18 UTC 
Who knows why RHEL 6 rpm builds enable these fortify features by default?
Is it acceptable for RHEL 6 builds to override that and build without it?

If not, are we reqiured to use downstream patches that add code that tricks the compiler into believing we're not ignoring the return values?

Is there any simpler workaround?
Comment 2 Florian Weimer 2016-08-26 20:45:56 UTC 
You can use -Wno-error=unused-result, either globally, or for specific targets.

In general, the assumption is that you do not build with -Werror.
Comment 3 Kai Engert (:kaie) (inactive account) 2016-08-26 20:52:11 UTC 
(In reply to Florian Weimer from comment #2)
> You can use -Wno-error=unused-result, either globally, or for specific
> targets.
> 
> In general, the assumption is that you do not build with -Werror.

The upstream NSS sources have been changed to build with -Werror
Comment 4 Kai Engert (:kaie) (inactive account) 2016-08-26 20:55:14 UTC 
Florian, thanks a lot for your help. That compiler option fixes the problem!
Comment 5 Tomas Hoger 2016-08-26 21:00:53 UTC 
FWIW, those warnings can be found in the build.log for the regular RHEL-6 NSS build.  So building with -Werror should break that build as well.