Bug#997194: mtr: FTBFS: ../ui/curses.c:435:17: error: format not a string literal and no format arguments [-Werror=format-security]
Control: forwarded -1 https://github.com/traviscross/mtr/pull/411 https://github.com/traviscross/mtr/commit/aeb493e08eabcb4e6178bda0bb84e9cd01c9f213 Control: tags -1 + upstream patch On Sun, 28 Nov 2021 16:51:05 +0100 Sven Joachim wrote: > In the meantime upstream has accepted a pull request (not tested by me) Unfortunately there has not yet been an upstream release containing a fix for this issue and mtr will soon be removed from Debian testing because the bug is unfixed. Could the patch be backported? -- bye, pabs https://wiki.debian.org/PaulWise signature.asc Description: This is a digitally signed message part
Bug#997194: mtr: FTBFS: ../ui/curses.c:435:17: error: format not a string literal and no format arguments [-Werror=format-security]
Control: tags -1 + fixed-upstream On 2021-10-24 05:56 -0700, Robert Woodcock wrote: > On 10/24/21 4:36 AM, Rogier Wolff wrote: >> >> I think this is perfectly legal C code and your compiler doesn't like >> it. It doesn't just warn, but gives an error. >> >> Roger. > Rogier, that is a 100% true statement, but Debian (and most other > distributions) have started using the -Werror=format-security build flag for > everything everywhere because leaving all of these calls as-is means, in > certain cases, leaving vulnerabilities in. Sure, you can prove that mtr's > code introduces no such vulnerabilities because none of the format specs are > user-supplied, but it's probably not reasonable to expect that that would be > a one-time effort, whereas changing the code would be. In the meantime upstream has accepted a pull request (not tested by me): https://github.com/traviscross/mtr/commit/aeb493e08eabcb4e6178bda0bb84e9cd01c9f213 Cheers, Sven
Bug#997194: mtr: FTBFS: ../ui/curses.c:435:17: error: format not a string literal and no format arguments [-Werror=format-security]
On 10/24/21 4:36 AM, Rogier Wolff wrote: > > I think this is perfectly legal C code and your compiler doesn't like > it. It doesn't just warn, but gives an error. > > Roger. Rogier, that is a 100% true statement, but Debian (and most other distributions) have started using the -Werror=format-security build flag for everything everywhere because leaving all of these calls as-is means, in certain cases, leaving vulnerabilities in. Sure, you can prove that mtr's code introduces no such vulnerabilities because none of the format specs are user-supplied, but it's probably not reasonable to expect that that would be a one-time effort, whereas changing the code would be.
Bug#997194: mtr: FTBFS: ../ui/curses.c:435:17: error: format not a string literal and no format arguments [-Werror=format-security]
On Sat, Oct 23, 2021 at 09:07:10PM +0200, Lucas Nussbaum wrote:
> Source: mtr
> Version: 0.94-2
> Severity: serious
> Justification: FTBFS
> Tags: bookworm sid ftbfs
That's an error in your compiler.
A printf-like function often has a string litteral specifying the
format
printf ("a = %d\n", a);
But it is still just a string. So when I want to print something
either in hex or in dec depending on a user-setting.
I could do something like:
printf ("a = ");
printf (theformat, a);
printf ("\n");
Now this has become three statements. To compact this a bit more, we
might do:
sprintf (format, "a = %s\n", theformat); // format is %d or %x or... set by
user
printf (format, a);
I think this is perfectly legal C code and your compiler doesn't like
it. It doesn't just warn, but gives an error.
Roger.
> Hi,
>
> During a rebuild of all packages in sid, your package failed to build
> on amd64.
>
>
> Relevant part (hopefully):
> > gcc -DHAVE_CONFIG_H -I. -I.. -Wdate-time -D_FORTIFY_SOURCE=2 -pthread
> > -I/usr/include/gtk-2.0 -I/usr/lib/x86_64-linux-gnu/gtk-2.0/include
> > -I/usr/include/pango-1.0 -I/usr/include/atk-1.0
> > -I/usr/include/gdk-pixbuf-2.0 -I/usr/include/libpng16
> > -I/usr/include/x86_64-linux-gnu -I/usr/include/pango-1.0
> > -I/usr/include/harfbuzz -I/usr/include/pango-1.0 -I/usr/include/libmount
> > -I/usr/include/blkid -I/usr/include/fribidi -I/usr/include/cairo
> > -I/usr/include/pixman-1 -I/usr/include/harfbuzz -I/usr/include/glib-2.0
> > -I/usr/lib/x86_64-linux-gnu/glib-2.0/include -I/usr/include/uuid
> > -I/usr/include/freetype2 -I/usr/include/libpng16-g -O2
> > -ffile-prefix-map=/<>=. -fstack-protector-strong -Wformat
> > -Werror=format-security -Wall -Wno-pointer-sign -c -o ui/mtr-curses.o `test
> > -f 'ui/curses.c' || echo '../'`ui/curses.c
> > ../ui/curses.c: In function ‘mtr_curses_hosts’:
> > ../ui/curses.c:435:17: error: format not a string literal and no format
> > arguments [-Werror=format-security]
> > 435 | printw(fmt_ipinfo(ctl, addr));
> > | ^~
> > ../ui/curses.c:488:21: error: format not a string literal and no format
> > arguments [-Werror=format-security]
> > 488 | printw(fmt_ipinfo(ctl, addrs));
> > | ^~
> > ../ui/curses.c: In function ‘mtr_curses_graph’:
> > ../ui/curses.c:653:17: error: format not a string literal and no format
> > arguments [-Werror=format-security]
> > 653 | printw(fmt_ipinfo(ctl, addr));
> > | ^~
> > ../ui/curses.c: In function ‘mtr_curses_redraw’:
> > ../ui/curses.c:703:5: error: format not a string literal and no format
> > arguments [-Werror=format-security]
> > 703 | mvprintw(1, maxx - 25, iso_time());
> > | ^~~~
> > ../ui/curses.c:763:42: error: format not a string literal and no format
> > arguments [-Werror=format-security]
> > 763 | mvprintw(rowstat - 1, startstat, msg);
> > | ^~~
> > gcc -DHAVE_CONFIG_H -I. -I.. -Wdate-time -D_FORTIFY_SOURCE=2 -pthread
> > -I/usr/include/gtk-2.0 -I/usr/lib/x86_64-linux-gnu/gtk-2.0/include
> > -I/usr/include/pango-1.0 -I/usr/include/atk-1.0
> > -I/usr/include/gdk-pixbuf-2.0 -I/usr/include/libpng16
> > -I/usr/include/x86_64-linux-gnu -I/usr/include/pango-1.0
> > -I/usr/include/harfbuzz -I/usr/include/pango-1.0 -I/usr/include/libmount
> > -I/usr/include/blkid -I/usr/include/fribidi -I/usr/include/cairo
> > -I/usr/include/pixman-1 -I/usr/include/harfbuzz -I/usr/include/glib-2.0
> > -I/usr/lib/x86_64-linux-gnu/glib-2.0/include -I/usr/include/uuid
> > -I/usr/include/freetype2 -I/usr/include/libpng16-g -O2
> > -ffile-prefix-map=/<>=. -fstack-protector-strong -Wformat
> > -Werror=format-security -Wall -Wno-pointer-sign -c -o ui/mtr-gtk.o `test -f
> > 'ui/gtk.c' || echo '../'`ui/gtk.c
> > gcc -DHAVE_CONFIG_H -I. -I.. -Wdate-time -D_FORTIFY_SOURCE=2 -g -O2
> > -ffile-prefix-map=/<>=. -fstack-protector-strong -Wformat
> > -Werror=format-security -Wall -Wno-pointer-sign -c -o packet/packet.o
> > ../packet/packet.c
> > gcc -DHAVE_CONFIG_H -I. -I.. -Wdate-time -D_FORTIFY_SOURCE=2 -g -O2
> > -ffile-prefix-map=/<>=. -fstack-protector-strong -Wformat
> > -Werror=format-security -Wall -Wno-pointer-sign -c -o packet/cmdparse.o
> > ../packet/cmdparse.c
> > gcc -DHAVE_CONFIG_H -I. -I.. -Wdate-time -D_FORTIFY_SOURCE=2 -g -O2
> > -ffile-prefix-map=/<>=. -fstack-protector-strong -Wformat
> > -Werror=format-security -Wall -Wno-pointer-sign -c -o packet/command.o
> > ../packet/command.c
> > gcc -DHAVE_CONFIG_H -I. -I.. -Wdate-time -D_FORTIFY_SOURCE=2 -g -O2
> > -ffile-prefix-map=/<>=. -fstack-protector-strong -Wformat
> > -Werror=format-security -Wall -Wno-pointer-sign -c -o packet/probe.o
> > ../packet/probe.c
> > In file included from /usr/include/string.h:519,
> > from ../packet/probe.c:31:
> > In function
Bug#997194: mtr: FTBFS: ../ui/curses.c:435:17: error: format not a string literal and no format arguments [-Werror=format-security]
Source: mtr Version: 0.94-2 Severity: serious Justification: FTBFS Tags: bookworm sid ftbfs Hi, During a rebuild of all packages in sid, your package failed to build on amd64. Relevant part (hopefully): > gcc -DHAVE_CONFIG_H -I. -I.. -Wdate-time -D_FORTIFY_SOURCE=2 -pthread > -I/usr/include/gtk-2.0 -I/usr/lib/x86_64-linux-gnu/gtk-2.0/include > -I/usr/include/pango-1.0 -I/usr/include/atk-1.0 -I/usr/include/gdk-pixbuf-2.0 > -I/usr/include/libpng16 -I/usr/include/x86_64-linux-gnu > -I/usr/include/pango-1.0 -I/usr/include/harfbuzz -I/usr/include/pango-1.0 > -I/usr/include/libmount -I/usr/include/blkid -I/usr/include/fribidi > -I/usr/include/cairo -I/usr/include/pixman-1 -I/usr/include/harfbuzz > -I/usr/include/glib-2.0 -I/usr/lib/x86_64-linux-gnu/glib-2.0/include > -I/usr/include/uuid -I/usr/include/freetype2 -I/usr/include/libpng16-g > -O2 -ffile-prefix-map=/<>=. -fstack-protector-strong -Wformat > -Werror=format-security -Wall -Wno-pointer-sign -c -o ui/mtr-curses.o `test > -f 'ui/curses.c' || echo '../'`ui/curses.c > ../ui/curses.c: In function ‘mtr_curses_hosts’: > ../ui/curses.c:435:17: error: format not a string literal and no format > arguments [-Werror=format-security] > 435 | printw(fmt_ipinfo(ctl, addr)); > | ^~ > ../ui/curses.c:488:21: error: format not a string literal and no format > arguments [-Werror=format-security] > 488 | printw(fmt_ipinfo(ctl, addrs)); > | ^~ > ../ui/curses.c: In function ‘mtr_curses_graph’: > ../ui/curses.c:653:17: error: format not a string literal and no format > arguments [-Werror=format-security] > 653 | printw(fmt_ipinfo(ctl, addr)); > | ^~ > ../ui/curses.c: In function ‘mtr_curses_redraw’: > ../ui/curses.c:703:5: error: format not a string literal and no format > arguments [-Werror=format-security] > 703 | mvprintw(1, maxx - 25, iso_time()); > | ^~~~ > ../ui/curses.c:763:42: error: format not a string literal and no format > arguments [-Werror=format-security] > 763 | mvprintw(rowstat - 1, startstat, msg); > | ^~~ > gcc -DHAVE_CONFIG_H -I. -I.. -Wdate-time -D_FORTIFY_SOURCE=2 -pthread > -I/usr/include/gtk-2.0 -I/usr/lib/x86_64-linux-gnu/gtk-2.0/include > -I/usr/include/pango-1.0 -I/usr/include/atk-1.0 -I/usr/include/gdk-pixbuf-2.0 > -I/usr/include/libpng16 -I/usr/include/x86_64-linux-gnu > -I/usr/include/pango-1.0 -I/usr/include/harfbuzz -I/usr/include/pango-1.0 > -I/usr/include/libmount -I/usr/include/blkid -I/usr/include/fribidi > -I/usr/include/cairo -I/usr/include/pixman-1 -I/usr/include/harfbuzz > -I/usr/include/glib-2.0 -I/usr/lib/x86_64-linux-gnu/glib-2.0/include > -I/usr/include/uuid -I/usr/include/freetype2 -I/usr/include/libpng16-g > -O2 -ffile-prefix-map=/<>=. -fstack-protector-strong -Wformat > -Werror=format-security -Wall -Wno-pointer-sign -c -o ui/mtr-gtk.o `test -f > 'ui/gtk.c' || echo '../'`ui/gtk.c > gcc -DHAVE_CONFIG_H -I. -I.. -Wdate-time -D_FORTIFY_SOURCE=2 -g -O2 > -ffile-prefix-map=/<>=. -fstack-protector-strong -Wformat > -Werror=format-security -Wall -Wno-pointer-sign -c -o packet/packet.o > ../packet/packet.c > gcc -DHAVE_CONFIG_H -I. -I.. -Wdate-time -D_FORTIFY_SOURCE=2 -g -O2 > -ffile-prefix-map=/<>=. -fstack-protector-strong -Wformat > -Werror=format-security -Wall -Wno-pointer-sign -c -o packet/cmdparse.o > ../packet/cmdparse.c > gcc -DHAVE_CONFIG_H -I. -I.. -Wdate-time -D_FORTIFY_SOURCE=2 -g -O2 > -ffile-prefix-map=/<>=. -fstack-protector-strong -Wformat > -Werror=format-security -Wall -Wno-pointer-sign -c -o packet/command.o > ../packet/command.c > gcc -DHAVE_CONFIG_H -I. -I.. -Wdate-time -D_FORTIFY_SOURCE=2 -g -O2 > -ffile-prefix-map=/<>=. -fstack-protector-strong -Wformat > -Werror=format-security -Wall -Wno-pointer-sign -c -o packet/probe.o > ../packet/probe.c > In file included from /usr/include/string.h:519, > from ../packet/probe.c:31: > In function ‘strncat’, > inlined from ‘respond_to_probe’ at ../packet/probe.c:296:9: > /usr/include/x86_64-linux-gnu/bits/string_fortified.h:122:10: warning: > ‘__builtin___strncat_chk’ output may be truncated copying between 0 and 4095 > bytes from a string of length 4095 [-Wstringop-truncation] > 122 | return __builtin___strncat_chk (__dest, __src, __len, __bos > (__dest)); > | > ^~ > In file included from /usr/include/gtk-2.0/gtk/gtkobject.h:37, > from /usr/include/gtk-2.0/gtk/gtkwidget.h:36, > from /usr/include/gtk-2.0/gtk/gtkcontainer.h:35, > from /usr/include/gtk-2.0/gtk/gtkbin.h:35, > from /usr/include/gtk-2.0/gtk/gtkwindow.h:36, > from /usr/include/gtk-2.0/gtk/gtkdialog.h:35, > from
