Bug 1425825 - gcc -Werror=format-security -Wall not reporting errors
gcc -Werror=format-security -Wall not reporting errors
Product: Fedora
Classification: Fedora
Component: gcc (Show other bugs)
Unspecified Unspecified
unspecified Severity unspecified
: ---
: ---
Assigned To: Jakub Jelinek
Fedora Extras Quality Assurance
Depends On:
  Show dependency treegraph
Reported: 2017-02-22 09:25 EST by Frantisek Kluknavsky
Modified: 2017-03-07 14:44 EST (History)
5 users (show)

See Also:
Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2017-03-07 14:44:46 EST
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

External Trackers
Tracker ID Priority Status Summary Last Updated
GNU Compiler Collection 79677 None None None 2017-02-22 09:45 EST

  None (edit)
Description Frantisek Kluknavsky 2017-02-22 09:25:12 EST
Description of problem:
Combination of -Wformat and -Werror=format-security flags (or -Wall and -Werror=format-security) does not behave consistently.

Using 'gcc -Wformat -Werror=format-security' with the source file provided below reports error "format not a string literal and no format arguments" on line 7 as expected whereas 'gcc -Werror=format-security -Wformat' does not. Similar behavior can be observed with the -Wall flag instead of -Wformat.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
$ cat formatsecurity.c 
#include <stdio.h>
int main()
	char message[10];
	return 0;

$ gcc -Wall -Werror=format-security  formatsecurity.c

$ gcc -Wall -Werror=format-security -Wall formatsecurity.c

$ gcc -Werror=format-security -Wall formatsecurity.c

Actual results:
Error after step 2, silent run after steps 3 and 4.

Expected results:
Error message after each run of gcc. Either about vulnerable code or about wrong usage of flags. Adding -Wall should definitely not hide errors as in step 3.
Comment 1 Jakub Jelinek 2017-02-22 09:45:26 EST
Filed upstream: PR79677.  In the mean time, use -Wformat-security -Werror=format-security instead of just -Werror=format-security and then it will work properly.
Comment 2 Frantisek Kluknavsky 2017-02-23 04:46:02 EST
"-Wformat-security -Werror=format-security" gives "error: -Wformat-security ignored without -Wformat"
"-Wformat -Wformat-security -Werror=format-security" works.

Fun note: Fedora currently uses -Wall -Werror=format-security. While it is possible to get warnings with a right combination of flags (if you know...), it is a very strange feeling to fix rpm build errors by adding another -Wall. Surprisingly satisfying ;-)
Comment 3 Jakub Jelinek 2017-03-07 14:44:46 EST
Fixed in F26, not going to backport.

Note You need to log in before you can comment on or make changes to this bug.