[Pkg-clamav-devel] Bug#980592: clamav: FTBFS: check_jsnorm.c:250:57: error: format not a string literal and no format arguments [-Werror=format-security]
Lucas Nussbaum
lucas at debian.org
Wed Jan 20 20:25:49 GMT 2021
Source: clamav
Version: 0.103.0+dfsg-3
Severity: serious
Justification: FTBFS on amd64
Tags: bullseye sid ftbfs
Usertags: ftbfs-20210120 ftbfs-bullseye
Hi,
During a rebuild of all packages in sid, your package failed to build
on amd64.
Relevant part (hopefully):
> gcc -DHAVE_CONFIG_H -I. -I.. -I.. -I../libclamav -I../libclamav -I../libclamunrar_iface -pthread -I/usr/include/json-c -DSRCDIR=\"/<<PKGBUILDDIR>>/unit_tests\" -DOBJDIR=\"/<<PKGBUILDDIR>>/unit_tests\" -Wdate-time -D_FORTIFY_SOURCE=2 -I/usr/include/libxml2 -g -O2 -ffile-prefix-map=/<<PKGBUILDDIR>>=. -fstack-protector-strong -Wformat -Werror=format-security -Wall -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -c -o check_clamav-check_jsnorm.o `test -f 'check_jsnorm.c' || echo './'`check_jsnorm.c
> In file included from check_jsnorm.c:32:
> check_jsnorm.c: In function ‘tokenizer_test’:
> check_jsnorm.c:250:57: error: format not a string literal and no format arguments [-Werror=format-security]
> 250 | ck_assert_msg("failed to open output file: %s", filename);
> | ^~~~~~~~
> check_jsnorm.c: In function ‘js_buffer_fn’:
> check_jsnorm.c:408:45: warning: argument to ‘sizeof’ in ‘strncpy’ call is the same expression as the source; did you mean to use the size of the destination? [-Wsizeof-pointer-memaccess]
> 408 | strncpy(tst + len - sizeof(e), e, sizeof(e));
> | ^
> check_jsnorm.c:412:57: warning: argument to ‘sizeof’ in ‘strncpy’ call is the same expression as the source; did you mean to use the size of the destination? [-Wsizeof-pointer-memaccess]
> 412 | strncpy(exp + sizeof(s_exp) + len - 2, e_exp, sizeof(e_exp));
> | ^
> In file included from /usr/include/string.h:495,
> from check_jsnorm.c:31:
> In function ‘strncpy’,
> inlined from ‘js_buffer_fn’ at check_jsnorm.c:407:5:
> /usr/include/x86_64-linux-gnu/bits/string_fortified.h:106:10: warning: ‘__builtin___strncpy_chk’ output truncated before terminating nul copying as many bytes from a string as its length [-Wstringop-truncation]
> 106 | return __builtin___strncpy_chk (__dest, __src, __len, __bos (__dest));
> | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> check_jsnorm.c: In function ‘js_buffer_fn’:
> check_jsnorm.c:407:5: note: length computed here
> 407 | strncpy(tst, s, strlen(s));
> | ^~~~~~~~~~~~~~~~~~~~~~~~~~
> cc1: some warnings being treated as errors
> make[4]: *** [Makefile:942: check_clamav-check_jsnorm.o] Error 1
The full build log is available from:
http://qa-logs.debian.net/2021/01/20/clamav_0.103.0+dfsg-3_unstable.log
A list of current common problems and possible solutions is available at
http://wiki.debian.org/qa.debian.org/FTBFS . You're welcome to contribute!
If you reassign this bug to another package, please mark it as 'affects'-ing
this package. See https://www.debian.org/Bugs/server-control#affects
If you fail to reproduce this, please provide a build log and diff it with me
so that we can identify if something relevant changed in the meantime.
About the archive rebuild: The rebuild was done on EC2 VM instances from
Amazon Web Services, using a clean, minimal and up-to-date chroot. Every
failed build was retried once to eliminate random failures.