[Debian-med-packaging] Trying to disable error=format-security for clapack

Gert Wollny gw.fossdev at gmail.com
Mon May 16 10:02:02 UTC 2016


Hello, 

On Monday, 16.05.2016, at 09:14 +0000, Gianfranco Costamagna wrote:
> Hi,
> 
> > /build/clapack-3.2.1/F2CLIBS/libf2c/arithchk.c:125:2: error: format
> > not a string literal and no format arguments [-Werror=format-
> > security]
> >  Cray1 = printf(emptyfmt) < 0 ? 0 : 4617762;
> >  ^
> > cc1: some warnings being treated as errors
> 
> I would consider this an RC bug.
> 
> Security-wise the printf can be used to inject shell code in the
> program, so I would avoid having such bugginess in the archive
> [1] https://en.wikipedia.org/wiki/Uncontrolled_format_string

I think, since in this case the (empty) format string passed to the printf call is not user generated, there is no security problem to be exploited.

In addition, the source code file in question is part of the "check" target, so this piece of code will only be used during building and not end up in a library.

> 
> char *emptyfmt = "";	/* avoid possible warning message with
> printf("") */
> printf(emptyfmt);
> 
> should be replaced with
> 
> char *emptyfmt = ""; /* avoid possible warning message with
> printf("") */
> printf("%s",emptyfmt);
> 
> I'm not sure why you don't want to cherry such a simple and safe fix.

The code seems to be using this call to do some weird checking on what
platform it is run, and I would guess that your fix would break this
check. 

Considering that the variable is called Cray1 I would somehow guess
that this test actually finds out whether this code is running on a
Cray1 where floating point arithmetic seems to have some differences as
compared to IEEE floating point operations. 
If Debian doesn't run on such an arch the test could most likely safely
be removed, i.e. remove all code from "ccheck" but the "return 0"
line. 

Apart from that disabling the warning itself can and should be done in
the code by using pragmas like this: 


#ifdef __GNUC__
# pragma GCC diagnostic push
# ifndef __clang__ 
#  pragma GCC diagnostic ignored "-Wformat-security"
# else
#  pragma clang diagnostic ignored "-Wformat-security"
# endif 
#endif 

/* code that issues warning */

#ifdef __GNUC__
# pragma GCC diagnostic pop
#endif 

Hope that helps, 
Gert 
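
Added example, not part of the original message or of clapack: a small C program that runs the two call forms discussed in the thread side by side, with the suppression pragma quoted above wrapped around the non-literal calls. The function names and the sample string "100%%" are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Calls that pass a variable as the format string. The pragma from the
   message above keeps -Werror=format-security from stopping the build. */
#ifdef __GNUC__
# pragma GCC diagnostic push
# pragma GCC diagnostic ignored "-Wformat-security"
#endif
/* Expression as it appears in arithchk.c line 125. */
static long cray1_original(const char *emptyfmt)
{
    return printf(emptyfmt) < 0 ? 0 : 4617762;
}
/* Same call shape with snprintf so the rendered text can be inspected.
   Only call this with strings whose sole directive is "%%". */
static int render_as_format(char *out, size_t n, const char *s)
{
    return snprintf(out, n, s);
}
#ifdef __GNUC__
# pragma GCC diagnostic pop
#endif

/* Form proposed in the quoted mail: the variable is passed as data. */
static long cray1_proposed(const char *emptyfmt)
{
    return printf("%s", emptyfmt) < 0 ? 0 : 4617762;
}
static int render_as_data(char *out, size_t n, const char *s)
{
    return snprintf(out, n, "%s", s);
}

int main(void)
{
    char a[32], b[32];
    const char *sample = "100%%"; /* constructed input, consumes no argument */

    printf("original=%ld proposed=%ld\n",
           cray1_original(""), cray1_proposed(""));
    render_as_format(a, sizeof a, sample); /* directives are interpreted */
    render_as_data(b, sizeof b, sample);   /* bytes are copied verbatim */
    printf("as format: %s\nas data:   %s\n", a, b);
    return 0;
}
```

For the empty string both forms write zero characters, so the Cray1 expression evaluates to the same value either way; the two forms only diverge once the string contains a '%'.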