Bug 1425825 - gcc -Werror=format-security -Wall not reporting errors
Summary: gcc -Werror=format-security -Wall not reporting errors
Keywords:
Status: CLOSED RAWHIDE
Alias: None
Product: Fedora
Classification: Fedora
Component: gcc
Version: 25
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
Assignee: Jakub Jelinek
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2017-02-22 14:25 UTC by Frantisek Kluknavsky
Modified: 2017-03-07 19:44 UTC (History)
5 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2017-03-07 19:44:46 UTC
Type: Bug
Embargoed:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
GNU Compiler Collection 79677 0 None None None 2017-02-22 14:45:50 UTC

Description Frantisek Kluknavsky 2017-02-22 14:25:12 UTC
Description of problem:
Combination of -Wformat and -Werror=format-security flags (or -Wall and -Werror=format-security) does not behave consistently.

Using 'gcc -Wformat -Werror=format-security' with the source file provided below reports error "format not a string literal and no format arguments" on line 7 as expected whereas 'gcc -Werror=format-security -Wformat' does not. Similar behavior can be observed with the -Wall flag instead of -Wformat.


Version-Release number of selected component (if applicable):
gcc-6.3.1-1.fc25.x86_64

How reproducible:
always

Steps to Reproduce:
1. 
$ cat formatsecurity.c 
#include <stdio.h>
int main()
{
	char message[10];
	message[0]=0;
	printf(message);
	return 0;
}

2.
$ gcc -Wall -Werror=format-security  formatsecurity.c

3.
$ gcc -Wall -Werror=format-security -Wall formatsecurity.c

4.
$ gcc -Werror=format-security -Wall formatsecurity.c

Actual results:
Error after step 2, silent run after steps 3 and 4.

Expected results:
Error message after each run of gcc. Either about vulnerable code or about wrong usage of flags. Adding -Wall should definitely not hide errors as in step 3.

Comment 1 Jakub Jelinek 2017-02-22 14:45:26 UTC
Filed upstream: PR79677.  In the mean time, use -Wformat-security -Werror=format-security instead of just -Werror=format-security and then it will work properly.

Comment 2 Frantisek Kluknavsky 2017-02-23 09:46:02 UTC
"-Wformat-security -Werror=format-security" gives "error: -Wformat-security ignored without -Wformat"
"-Wformat -Wformat-security -Werror=format-security" works.

Fun note: Fedora currently uses -Wall -Werror=format-security. While it is possible to get warnings with a right combination of flags (if you know...), it is a very strange feeling to fix rpm build errors by adding another -Wall. Surprisingly satisfying ;-)

Comment 3 Jakub Jelinek 2017-03-07 19:44:46 UTC
Fixed in F26, not going to backport.


Note You need to log in before you can comment on or make changes to this bug.