Bug 1370637 - _FORTIFY_SOURCE=2 in default XCFLAGS causes NSS build failure with devtoolset-4
Summary: _FORTIFY_SOURCE=2 in default XCFLAGS causes NSS build failure with devtoolset-4
Keywords:
Status: CLOSED NOTABUG
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: nss
Version: 6.8
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: rc
: ---
Assignee: nss-nspr-maint
QA Contact: BaseOS QE Security Team
URL:
Whiteboard:
Depends On:
Blocks: 1298690
TreeView+ depends on / blocked
 
Reported: 2016-08-26 20:40 UTC by Kai Engert (:kaie) (inactive account)
Modified: 2016-08-26 22:16 UTC (History)
6 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2016-08-26 20:55:14 UTC
Target Upstream Version:

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Description Kai Engert (:kaie) (inactive account) 2016-08-26 20:40:23 UTC 
I'm working on bug 1298690, which requires to build NSS with the newer gcc compiler 5.3.1 included in devtoolset-4.

I'm getting build failures:

h_page.c: In function 'overflow_page':
h_page.c:985:4: error: ignoring return value of 'fwrite', declared with attribute warn_unused_result [-Werror=unused-result]
    (void)fwrite(OVMSG, 1, sizeof(OVMSG) - 1, stderr);
    ^
h_page.c:1000:4: error: ignoring return value of 'fwrite', declared with attribute warn_unused_result [-Werror=unused-result]
    (void)fwrite(OVMSG, 1, sizeof(OVMSG) - 1, stderr);
    ^
h_page.c:1026:5: error: ignoring return value of 'fwrite', declared with attribute warn_unused_result [-Werror=unused-result]
     (void)fwrite(OVMSG, 1, sizeof(OVMSG) - 1, stderr);


These are apparently caused by the following combination:

- fwrite defined with __wur in /usr/include/stdio.h

  extern size_t fwrite (__const void *__restrict __ptr, size_t __size,
                        size_t __n, FILE *__restrict __s) __wur;

- __wur defined as __attribute_warn_unused_result__ if 
  __USE_FORTIFY_LEVEL > 2

- default XCFLAGS of RPM builds containing -D_FORTIFY_SOURCE=2
Comment 1 Kai Engert (:kaie) (inactive account) 2016-08-26 20:43:18 UTC 
Who knows why RHEL 6 rpm builds enable these fortify features by default?
Is it acceptable for RHEL 6 builds to override that and build without it?

If not, are we reqiured to use downstream patches that add code that tricks the compiler into believing we're not ignoring the return values?

Is there any simpler workaround?
Comment 2 Florian Weimer 2016-08-26 20:45:56 UTC 
You can use -Wno-error=unused-result, either globally, or for specific targets.

In general, the assumption is that you do not build with -Werror.
Comment 3 Kai Engert (:kaie) (inactive account) 2016-08-26 20:52:11 UTC 
(In reply to Florian Weimer from comment #2)
> You can use -Wno-error=unused-result, either globally, or for specific
> targets.
> 
> In general, the assumption is that you do not build with -Werror.

The upstream NSS sources have been changed to build with -Werror
Comment 4 Kai Engert (:kaie) (inactive account) 2016-08-26 20:55:14 UTC 
Florian, thanks a lot for your help. That compiler option fixes the problem!
Comment 5 Tomas Hoger 2016-08-26 21:00:53 UTC 
FWIW, those warnings can be found in the build.log for the regular RHEL-6 NSS build.  So building with -Werror should break that build as well.
Note You need to log in before you can comment on or make changes to this bug.