Bug#997194: mtr: FTBFS: ../ui/curses.c:435:17: error: format not a string literal and no format arguments [-Werror=format-security]
Control: forwarded -1 https://github.com/traviscross/mtr/pull/411 https://github.com/traviscross/mtr/commit/aeb493e08eabcb4e6178bda0bb84e9cd01c9f213
Control: tags -1 + upstream patch

On Sun, 28 Nov 2021 16:51:05 +0100 Sven Joachim wrote:

> In the meantime upstream has accepted a pull request (not tested by me)

Unfortunately there has not yet been an upstream release containing a fix
for this issue and mtr will soon be removed from Debian testing because
the bug is unfixed. Could the patch be backported?

--
bye,
pabs

https://wiki.debian.org/PaulWise
Bug#997194: mtr: FTBFS: ../ui/curses.c:435:17: error: format not a string literal and no format arguments [-Werror=format-security]
Control: tags -1 + fixed-upstream

On 2021-10-24 05:56 -0700, Robert Woodcock wrote:

> On 10/24/21 4:36 AM, Rogier Wolff wrote:
>>
>> I think this is perfectly legal C code and your compiler doesn't like
>> it. It doesn't just warn, but gives an error.
>>
>> Roger.
> Rogier, that is a 100% true statement, but Debian (and most other
> distributions) have started using the -Werror=format-security build flag for
> everything everywhere because leaving all of these calls as-is means, in
> certain cases, leaving vulnerabilities in. Sure, you can prove that mtr's
> code introduces no such vulnerabilities because none of the format specs are
> user-supplied, but it's probably not reasonable to expect that that would be
> a one-time effort, whereas changing the code would be.

In the meantime upstream has accepted a pull request (not tested by me):

https://github.com/traviscross/mtr/commit/aeb493e08eabcb4e6178bda0bb84e9cd01c9f213

Cheers,
Sven
Bug#997194: mtr: FTBFS: ../ui/curses.c:435:17: error: format not a string literal and no format arguments [-Werror=format-security]
On 10/24/21 4:36 AM, Rogier Wolff wrote:
>
> I think this is perfectly legal C code and your compiler doesn't like
> it. It doesn't just warn, but gives an error.
>
> Roger.

Rogier, that is a 100% true statement, but Debian (and most other
distributions) have started using the -Werror=format-security build flag
for everything everywhere because leaving all of these calls as-is means,
in certain cases, leaving vulnerabilities in. Sure, you can prove that
mtr's code introduces no such vulnerabilities because none of the format
specs are user-supplied, but it's probably not reasonable to expect that
that would be a one-time effort, whereas changing the code would be.
Bug#997194: mtr: FTBFS: ../ui/curses.c:435:17: error: format not a string literal and no format arguments [-Werror=format-security]
On Sat, Oct 23, 2021 at 09:07:10PM +0200, Lucas Nussbaum wrote:
> Source: mtr
> Version: 0.94-2
> Severity: serious
> Justification: FTBFS
> Tags: bookworm sid ftbfs

That's an error in your compiler.

A printf-like function often has a string literal specifying the format

  printf ("a = %d\n", a);

But it is still just a string. So when I want to print something either
in hex or in dec depending on a user-setting, I could do something like:

  printf ("a = ");
  printf (theformat, a);
  printf ("\n");

Now this has become three statements. To compact this a bit more, we
might do:

  sprintf (format, "a = %s\n", theformat); // format is %d or %x or... set by user
  printf (format, a);

I think this is perfectly legal C code and your compiler doesn't like
it. It doesn't just warn, but gives an error.

Roger.

> Hi,
>
> During a rebuild of all packages in sid, your package failed to build
> on amd64.
>
>
> Relevant part (hopefully):
> > gcc -DHAVE_CONFIG_H -I. -I.. -Wdate-time -D_FORTIFY_SOURCE=2 -pthread
> > -I/usr/include/gtk-2.0 -I/usr/lib/x86_64-linux-gnu/gtk-2.0/include
> > -I/usr/include/pango-1.0 -I/usr/include/atk-1.0
> > -I/usr/include/gdk-pixbuf-2.0 -I/usr/include/libpng16
> > -I/usr/include/x86_64-linux-gnu -I/usr/include/pango-1.0
> > -I/usr/include/harfbuzz -I/usr/include/pango-1.0 -I/usr/include/libmount
> > -I/usr/include/blkid -I/usr/include/fribidi -I/usr/include/cairo
> > -I/usr/include/pixman-1 -I/usr/include/harfbuzz -I/usr/include/glib-2.0
> > -I/usr/lib/x86_64-linux-gnu/glib-2.0/include -I/usr/include/uuid
> > -I/usr/include/freetype2 -I/usr/include/libpng16-g -O2
> > -ffile-prefix-map=/<>=. -fstack-protector-strong -Wformat
> > -Werror=format-security -Wall -Wno-pointer-sign -c -o ui/mtr-curses.o `test
> > -f 'ui/curses.c' || echo '../'`ui/curses.c
> > ../ui/curses.c: In function ‘mtr_curses_hosts’:
> > ../ui/curses.c:435:17: error: format not a string literal and no format
> > arguments [-Werror=format-security]
> >   435 | printw(fmt_ipinfo(ctl, addr));
> >       | ^~
> > ../ui/curses.c:488:21: error: format not a string literal and no format
> > arguments [-Werror=format-security]
> >   488 | printw(fmt_ipinfo(ctl, addrs));
> >       | ^~
> > ../ui/curses.c: In function ‘mtr_curses_graph’:
> > ../ui/curses.c:653:17: error: format not a string literal and no format
> > arguments [-Werror=format-security]
> >   653 | printw(fmt_ipinfo(ctl, addr));
> >       | ^~
> > ../ui/curses.c: In function ‘mtr_curses_redraw’:
> > ../ui/curses.c:703:5: error: format not a string literal and no format
> > arguments [-Werror=format-security]
> >   703 | mvprintw(1, maxx - 25, iso_time());
> >       | ^~~~
> > ../ui/curses.c:763:42: error: format not a string literal and no format
> > arguments [-Werror=format-security]
> >   763 | mvprintw(rowstat - 1, startstat, msg);
> >       | ^~~
> > gcc -DHAVE_CONFIG_H -I. -I.. -Wdate-time -D_FORTIFY_SOURCE=2 -pthread
> > -I/usr/include/gtk-2.0 -I/usr/lib/x86_64-linux-gnu/gtk-2.0/include
> > -I/usr/include/pango-1.0 -I/usr/include/atk-1.0
> > -I/usr/include/gdk-pixbuf-2.0 -I/usr/include/libpng16
> > -I/usr/include/x86_64-linux-gnu -I/usr/include/pango-1.0
> > -I/usr/include/harfbuzz -I/usr/include/pango-1.0 -I/usr/include/libmount
> > -I/usr/include/blkid -I/usr/include/fribidi -I/usr/include/cairo
> > -I/usr/include/pixman-1 -I/usr/include/harfbuzz -I/usr/include/glib-2.0
> > -I/usr/lib/x86_64-linux-gnu/glib-2.0/include -I/usr/include/uuid
> > -I/usr/include/freetype2 -I/usr/include/libpng16-g -O2
> > -ffile-prefix-map=/<>=. -fstack-protector-strong -Wformat
> > -Werror=format-security -Wall -Wno-pointer-sign -c -o ui/mtr-gtk.o `test -f
> > 'ui/gtk.c' || echo '../'`ui/gtk.c
> > gcc -DHAVE_CONFIG_H -I. -I.. -Wdate-time -D_FORTIFY_SOURCE=2 -g -O2
> > -ffile-prefix-map=/<>=. -fstack-protector-strong -Wformat
> > -Werror=format-security -Wall -Wno-pointer-sign -c -o packet/packet.o
> > ../packet/packet.c
> > gcc -DHAVE_CONFIG_H -I. -I.. -Wdate-time -D_FORTIFY_SOURCE=2 -g -O2
> > -ffile-prefix-map=/<>=. -fstack-protector-strong -Wformat
> > -Werror=format-security -Wall -Wno-pointer-sign -c -o packet/cmdparse.o
> > ../packet/cmdparse.c
> > gcc -DHAVE_CONFIG_H -I. -I.. -Wdate-time -D_FORTIFY_SOURCE=2 -g -O2
> > -ffile-prefix-map=/<>=. -fstack-protector-strong -Wformat
> > -Werror=format-security -Wall -Wno-pointer-sign -c -o packet/command.o
> > ../packet/command.c
> > gcc -DHAVE_CONFIG_H -I. -I.. -Wdate-time -D_FORTIFY_SOURCE=2 -g -O2
> > -ffile-prefix-map=/<>=. -fstack-protector-strong -Wformat
> > -Werror=format-security -Wall -Wno-pointer-sign -c -o packet/probe.o
> > ../packet/probe.c
> > In file included from /usr/include/string.h:519,
> > from ../packet/probe.c:31:
> > In function
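
Added example, not part of the thread and not mtr's or upstream's code: the call shape that -Werror=format-security rejects, next to two forms that pass it, including the "decimal or hex chosen by the user" case from the message above. All function names and the sample strings are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Shape the build rejected: the data string is passed as the format.
 * Build with -DSHOW_FLAGGED_CALL -Wformat -Werror=format-security to
 * reproduce "format not a string literal and no format arguments". */
#ifdef SHOW_FLAGGED_CALL
static int render_flagged(char *out, size_t n, const char *text)
{
    return snprintf(out, n, text);
}
#endif

/* Fixed shape: the format is a literal, the data travels as an argument. */
static int render_text(char *out, size_t n, const char *text)
{
    return snprintf(out, n, "%s", text);
}

/* User-selected radix without building a format at run time: the setting
 * picks between literal formats, so the compiler can still check each
 * call against its arguments. */
enum radix { RADIX_DEC, RADIX_HEX };

static int render_value(char *out, size_t n, enum radix r, int a)
{
    switch (r) {
    case RADIX_HEX:
        return snprintf(out, n, "a = %x\n", (unsigned int)a);
    case RADIX_DEC:
    default:
        return snprintf(out, n, "a = %d\n", a);
    }
}

int main(void)
{
    char buf[64];
    /* Constructed sample: data that happens to contain conversions. */
    render_text(buf, sizeof buf, "100%s %x");
    puts(buf);                      /* printed unchanged */
    render_value(buf, sizeof buf, RADIX_HEX, 255);
    fputs(buf, stdout);
    return 0;
}
```
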
Bug#997194: mtr: FTBFS: ../ui/curses.c:435:17: error: format not a string literal and no format arguments [-Werror=format-security]
Source: mtr
Version: 0.94-2
Severity: serious
Justification: FTBFS
Tags: bookworm sid ftbfs

Hi,

During a rebuild of all packages in sid, your package failed to build
on amd64.

Relevant part (hopefully):
> gcc -DHAVE_CONFIG_H -I. -I.. -Wdate-time -D_FORTIFY_SOURCE=2 -pthread
> -I/usr/include/gtk-2.0 -I/usr/lib/x86_64-linux-gnu/gtk-2.0/include
> -I/usr/include/pango-1.0 -I/usr/include/atk-1.0 -I/usr/include/gdk-pixbuf-2.0
> -I/usr/include/libpng16 -I/usr/include/x86_64-linux-gnu
> -I/usr/include/pango-1.0 -I/usr/include/harfbuzz -I/usr/include/pango-1.0
> -I/usr/include/libmount -I/usr/include/blkid -I/usr/include/fribidi
> -I/usr/include/cairo -I/usr/include/pixman-1 -I/usr/include/harfbuzz
> -I/usr/include/glib-2.0 -I/usr/lib/x86_64-linux-gnu/glib-2.0/include
> -I/usr/include/uuid -I/usr/include/freetype2 -I/usr/include/libpng16-g
> -O2 -ffile-prefix-map=/<>=. -fstack-protector-strong -Wformat
> -Werror=format-security -Wall -Wno-pointer-sign -c -o ui/mtr-curses.o `test
> -f 'ui/curses.c' || echo '../'`ui/curses.c
> ../ui/curses.c: In function ‘mtr_curses_hosts’:
> ../ui/curses.c:435:17: error: format not a string literal and no format
> arguments [-Werror=format-security]
>   435 | printw(fmt_ipinfo(ctl, addr));
>       | ^~
> ../ui/curses.c:488:21: error: format not a string literal and no format
> arguments [-Werror=format-security]
>   488 | printw(fmt_ipinfo(ctl, addrs));
>       | ^~
> ../ui/curses.c: In function ‘mtr_curses_graph’:
> ../ui/curses.c:653:17: error: format not a string literal and no format
> arguments [-Werror=format-security]
>   653 | printw(fmt_ipinfo(ctl, addr));
>       | ^~
> ../ui/curses.c: In function ‘mtr_curses_redraw’:
> ../ui/curses.c:703:5: error: format not a string literal and no format
> arguments [-Werror=format-security]
>   703 | mvprintw(1, maxx - 25, iso_time());
>       | ^~~~
> ../ui/curses.c:763:42: error: format not a string literal and no format
> arguments [-Werror=format-security]
>   763 | mvprintw(rowstat - 1, startstat, msg);
>       | ^~~
> gcc -DHAVE_CONFIG_H -I. -I.. -Wdate-time -D_FORTIFY_SOURCE=2 -pthread
> -I/usr/include/gtk-2.0 -I/usr/lib/x86_64-linux-gnu/gtk-2.0/include
> -I/usr/include/pango-1.0 -I/usr/include/atk-1.0 -I/usr/include/gdk-pixbuf-2.0
> -I/usr/include/libpng16 -I/usr/include/x86_64-linux-gnu
> -I/usr/include/pango-1.0 -I/usr/include/harfbuzz -I/usr/include/pango-1.0
> -I/usr/include/libmount -I/usr/include/blkid -I/usr/include/fribidi
> -I/usr/include/cairo -I/usr/include/pixman-1 -I/usr/include/harfbuzz
> -I/usr/include/glib-2.0 -I/usr/lib/x86_64-linux-gnu/glib-2.0/include
> -I/usr/include/uuid -I/usr/include/freetype2 -I/usr/include/libpng16-g
> -O2 -ffile-prefix-map=/<>=. -fstack-protector-strong -Wformat
> -Werror=format-security -Wall -Wno-pointer-sign -c -o ui/mtr-gtk.o `test -f
> 'ui/gtk.c' || echo '../'`ui/gtk.c
> gcc -DHAVE_CONFIG_H -I. -I.. -Wdate-time -D_FORTIFY_SOURCE=2 -g -O2
> -ffile-prefix-map=/<>=. -fstack-protector-strong -Wformat
> -Werror=format-security -Wall -Wno-pointer-sign -c -o packet/packet.o
> ../packet/packet.c
> gcc -DHAVE_CONFIG_H -I. -I.. -Wdate-time -D_FORTIFY_SOURCE=2 -g -O2
> -ffile-prefix-map=/<>=. -fstack-protector-strong -Wformat
> -Werror=format-security -Wall -Wno-pointer-sign -c -o packet/cmdparse.o
> ../packet/cmdparse.c
> gcc -DHAVE_CONFIG_H -I. -I.. -Wdate-time -D_FORTIFY_SOURCE=2 -g -O2
> -ffile-prefix-map=/<>=. -fstack-protector-strong -Wformat
> -Werror=format-security -Wall -Wno-pointer-sign -c -o packet/command.o
> ../packet/command.c
> gcc -DHAVE_CONFIG_H -I. -I.. -Wdate-time -D_FORTIFY_SOURCE=2 -g -O2
> -ffile-prefix-map=/<>=. -fstack-protector-strong -Wformat
> -Werror=format-security -Wall -Wno-pointer-sign -c -o packet/probe.o
> ../packet/probe.c
> In file included from /usr/include/string.h:519,
> from ../packet/probe.c:31:
> In function ‘strncat’,
> inlined from ‘respond_to_probe’ at ../packet/probe.c:296:9:
> /usr/include/x86_64-linux-gnu/bits/string_fortified.h:122:10: warning:
> ‘__builtin___strncat_chk’ output may be truncated copying between 0 and 4095
> bytes from a string of length 4095 [-Wstringop-truncation]
>   122 | return __builtin___strncat_chk (__dest, __src, __len, __bos
> (__dest));
>       |
> ^~
> In file included from /usr/include/gtk-2.0/gtk/gtkobject.h:37,
> from /usr/include/gtk-2.0/gtk/gtkwidget.h:36,
> from /usr/include/gtk-2.0/gtk/gtkcontainer.h:35,
> from /usr/include/gtk-2.0/gtk/gtkbin.h:35,
> from /usr/include/gtk-2.0/gtk/gtkwindow.h:36,
> from /usr/include/gtk-2.0/gtk/gtkdialog.h:35,
> from