Re: Warnings for %n in format strings

2021-09-14 Thread Stuart Henderson
On 2021/09/14 05:42, Theo Buehler wrote:
> On Tue, Sep 07, 2021 at 09:10:39PM +0100, Stuart Henderson wrote:
> > > devel/libvstr   The OpenBSD ports mailing-list 
> > 
> > I don't remember what libvstr was imported for originally but it's
> > unused in ports, I propose removing it
> 
> Converting it to avoid %n will be a bit of work (18 files with
> non-trivial %n usage). Was this ever used in the tree? I couldn't find
> any consumers.

It wasn't. I suspect I may have added it for an early attempt at porting
strongswan.

> ok tb
> 
> to remove it.

Done :)



Re: Warnings for %n in format strings

2021-09-13 Thread Theo Buehler
On Tue, Sep 07, 2021 at 09:10:39PM +0100, Stuart Henderson wrote:
> > devel/libvstr   The OpenBSD ports mailing-list 
> 
> I don't remember what libvstr was imported for originally but it's
> unused in ports, I propose removing it

Converting it to avoid %n will be a bit of work (18 files with
non-trivial %n usage). Was this ever used in the tree? I couldn't find
any consumers.

ok tb

to remove it.



Re: Warnings for %n in format strings (2021-09-10)

2021-09-10 Thread joshua stein
On Fri, 10 Sep 2021 at 16:29:57 +0200, Christian Weisgerber wrote:
> Here's the list of remaining ports with
> 
> warning: '%n' format specifier support is deactivated and will call abort(3)
> 
> These need to be fixed before the release.

> net/dnstracer   The OpenBSD ports mailing-list 

That one has been fixed.



Warnings for %n in format strings (2021-09-10)

2021-09-10 Thread Christian Weisgerber
Here's the list of remaining ports with

warning: '%n' format specifier support is deactivated and will call abort(3)

These need to be fixed before the release.

databases/openldap23    The OpenBSD ports mailing-list
devel/adb               The OpenBSD ports mailing-list
devel/libvstr           The OpenBSD ports mailing-list
editors/cooledit        Marc Espie
editors/nedit           Alessandro De Laurenzis
games/gnugo             The OpenBSD ports mailing-list
games/xmahjongg         The OpenBSD ports mailing-list
lang/ghc                The OpenBSD ports mailing-list
mail/exim               Renaud Allard
math/mcl                The OpenBSD ports mailing-list
math/yorick             The OpenBSD ports mailing-list
misc/brltty             The OpenBSD ports mailing-list
misc/uniutils           Nicholas Marriott
net/climm               Pascal Stumpf
net/dnstracer           The OpenBSD ports mailing-list
net/libsmi              Nigel Taylor
print/lcdf-typetools    The OpenBSD ports mailing-list
security/gnupg          Edd Barrett
security/libssh2        Benoit Lecocq
sysutils/cdrtools       The OpenBSD ports mailing-list
textproc/link-grammar   The OpenBSD ports mailing-list
textproc/openjade       The OpenBSD ports mailing-list
x11/fvwm2               Michael

-- 
Christian "naddy" Weisgerber  na...@mips.inka.de



Re: Warnings for %n in format strings

2021-09-08 Thread Sebastien Marie
On Wed, Sep 08, 2021 at 01:37:34PM +0100, Stuart Henderson wrote:
> On 2021/09/07 21:24, Christian Weisgerber wrote:
> > Earlier today, semarie@ committed a change that will now cause base
> > clang to warn when the %n specifier appears in a format string for
> > the printf(3) family of functions:
> > 
> > warning: '%n' format specifier support is deactivated and will call abort(3)
> 
> By the way, as jca@ said earlier: "There may be others that can't be
> flagged by the compiler [...] because of indirections through wrapper
> functions." - so, runtime tests will possibly pick up more software
> needing attention.
> 

I agree.

This format string is checked because clang detects it as a format
string. clang is using a function attribute (like
__attribute__((__format__ (printf, 1, 2)))) for this purpose.

Standard printf(3) family functions have it: it will properly detect
%n on them.

User functions using the __format__ attribute will be checked too. It
could lead to (semi-)false positives like for exim (the function is
home-made so does not carry abort(3) on %n usage, but it doesn't mean it
is a good thing).

But if a user function doesn't use the __format__ attribute, and passes
an argument as format string to printf(3), it will not be checked, but
it will abort(3) at runtime.

Thanks.
-- 
Sebastien Marie
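
The compile-time versus runtime distinction described above, as an added example that is not part of the original message or of any port. buf_append() is a hypothetical wrapper that carries the format attribute so clang checks its callers and that returns the byte count %n used to deliver; fmt_has_n() is a hypothetical scan that lets the wrapper refuse a non-literal format the compiler could not check.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/*
 * Return 1 if fmt contains a %n conversion.  "%%" is a literal percent;
 * flags, width, precision and length modifiers may sit between '%' and
 * the conversion character ("%hhn", "%2$n").
 */
int fmt_has_n(const char *fmt)
{
	const char *p = fmt;

	while ((p = strchr(p, '%')) != NULL) {
		if (*++p == '%') {		/* literal percent */
			p++;
			continue;
		}
		p += strspn(p, "0123456789$#-+ '*.");	/* flags, width, precision */
		p += strspn(p, "hlqjztL");		/* length modifiers */
		if (*p == 'n')
			return 1;
		if (*p != '\0')
			p++;			/* skip the conversion */
	}
	return 0;
}

/*
 * Hypothetical wrapper.  The attribute makes clang check every caller's
 * format string, so a literal "%n" is reported at build time.
 */
int buf_append(char *buf, size_t size, size_t *off, const char *fmt, ...)
    __attribute__((__format__(__printf__, 4, 5)));

/*
 * Append at *off.  Returns the number of bytes written (what %n used to
 * report), or -1 on error, truncation, or %n in a non-literal format.
 */
int buf_append(char *buf, size_t size, size_t *off, const char *fmt, ...)
{
	va_list ap;
	int n;

	if (*off >= size || fmt_has_n(fmt))
		return -1;
	va_start(ap, fmt);
	n = vsnprintf(buf + *off, size - *off, fmt, ap);
	va_end(ap);
	if (n < 0 || (size_t)n >= size - *off) {
		buf[*off] = '\0';		/* discard partial output */
		return -1;
	}
	*off += (size_t)n;
	return n;
}
```

Without the attribute on the declaration, the same call sites compile silently and the %n is only found when printf(3) aborts.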



Re: Warnings for %n in format strings

2021-09-08 Thread Theo de Raadt
Stuart Henderson wrote:

> On 2021/09/07 21:24, Christian Weisgerber wrote:
> > Earlier today, semarie@ committed a change that will now cause base
> > clang to warn when the %n specifier appears in a format string for
> > the printf(3) family of functions:
> > 
> > warning: '%n' format specifier support is deactivated and will call abort(3)
> 
> By the way, as jca@ said earlier: "There may be others that can't be
> flagged by the compiler [...] because of indirections through wrapper
> functions." - so, runtime tests will possibly pick up more software
> needing attention.

The user community can help by looking for messages in /var/log/messages
which look like this

  program: *printf used %n, aborting: 

and

  program: *wprintf used %n, aborting

(the wide functions do not print the message)

Such programs will also be aborting, probably dumping core somewhere.

The more we fix, the better, because we think this %n behaviour is
going to make it into 7.0 release.
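
One way to run the search described above over collected log lines and list the programs that need attention, as an added example that is not part of the original message. tally_line(), tally_sample() and struct n_hit are hypothetical names, and the sample lines (timestamp, host, program names, the text after "aborting:") are constructed.

```c
#include <stddef.h>
#include <string.h>

#define MAXPROG 16
enum { NARROW, WIDE };		/* *printf or *wprintf message */
struct n_hit { char prog[32]; int count[2]; };

/* Tally one log line into tab; returns 1 if it is a %n abort message. */
int tally_line(const char *line, struct n_hit *tab, size_t *ntab)
{
	static const char narrow[] = ": *printf used %n, aborting";
	static const char wide[] = ": *wprintf used %n, aborting";
	const char *hit, *start;
	size_t len, i;
	int kind = NARROW;

	if ((hit = strstr(line, narrow)) == NULL) {
		if ((hit = strstr(line, wide)) == NULL)
			return 0;
		kind = WIDE;
	}
	/* The program name is the token right before the marker. */
	for (start = hit; start > line && start[-1] != ' '; start--)
		continue;
	len = (size_t)(hit - start);
	if (len == 0)
		return 0;
	if (len >= sizeof(tab[0].prog))
		len = sizeof(tab[0].prog) - 1;
	for (i = 0; i < *ntab; i++)
		if (!strncmp(tab[i].prog, start, len) && tab[i].prog[len] == '\0')
			break;
	if (i == *ntab) {
		if (*ntab == MAXPROG)
			return 1;	/* table full: seen but not tallied */
		memset(&tab[i], 0, sizeof(tab[i]));
		memcpy(tab[i].prog, start, len);
		(*ntab)++;
	}
	tab[i].count[kind]++;
	return 1;
}

/* Constructed sample; timestamp/host prefix and trailing text are assumed. */
static const char *const sample_log[] = {
	"Sep  8 10:01:02 build1 exampled: *printf used %n, aborting: %s://%n",
	"Sep  8 10:01:03 build1 sshd[4242]: Accepted publickey for ports",
	"Sep  8 10:02:10 build1 widetool: *wprintf used %n, aborting",
	"Sep  8 10:03:55 build1 exampled: *printf used %n, aborting: %d%n",
};

/* Tally the sample lines; returns the number of distinct programs. */
size_t tally_sample(struct n_hit *tab)
{
	size_t i, ntab = 0;
	for (i = 0; i < sizeof(sample_log) / sizeof(sample_log[0]); i++)
		tally_line(sample_log[i], tab, &ntab);
	return ntab;
}
```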



Re: Warnings for %n in format strings

2021-09-08 Thread Stuart Henderson
On 2021/09/07 21:24, Christian Weisgerber wrote:
> Earlier today, semarie@ committed a change that will now cause base
> clang to warn when the %n specifier appears in a format string for
> the printf(3) family of functions:
> 
> warning: '%n' format specifier support is deactivated and will call abort(3)

By the way, as jca@ said earlier: "There may be others that can't be
flagged by the compiler [...] because of indirections through wrapper
functions." - so, runtime tests will possibly pick up more software
needing attention.



Re: Warnings for %n in format strings

2021-09-08 Thread Christian Weisgerber
Stuart Henderson:

> henning: do you still use openldap 2.3? if not, the port is a bit of a
> source of problems and it would be helpful to remove it (these days 2.4
> has a backend which is nothing to do with berkeley db which iirc was the
> original problem)

In case we still need it, we can just copy the newer code from
openldap 2.4:

Index: Makefile
===
RCS file: /cvs/ports/databases/openldap23/Makefile,v
retrieving revision 1.28
diff -u -p -r1.28 Makefile
--- Makefile20 Mar 2020 16:44:22 -  1.28
+++ Makefile8 Sep 2021 08:17:51 -
@@ -4,7 +4,7 @@ COMMENT=open-source LDAP software (serv
 
 DISTNAME=  openldap-2.3.43
 PKGNAME=   ${DISTNAME:S/-/-server-/}
-REVISION=  21
+REVISION=  22
 
 CATEGORIES=databases net
 
Index: patches/patch-libraries_libldap_url_c
===
RCS file: patches/patch-libraries_libldap_url_c
diff -N patches/patch-libraries_libldap_url_c
--- /dev/null   1 Jan 1970 00:00:00 -
+++ patches/patch-libraries_libldap_url_c   8 Sep 2021 08:17:51 -
@@ -0,0 +1,23 @@
+$OpenBSD$
+
+Index: libraries/libldap/url.c
+--- libraries/libldap/url.c.orig
 libraries/libldap/url.c
+@@ -617,12 +617,14 @@ desc2str( LDAPURLDesc *u, char *s, int len )
+   }
+ 
+   if ( u->lud_port ) {
+-  len -= sprintf( s, "%s://%s:%d%n", u->lud_scheme,
++  sofar = sprintf( s, "%s://%s:%d", u->lud_scheme,
+   u->lud_host ? u->lud_host : "",
+-  u->lud_port,  );
++  u->lud_port );
++  len -= sofar;
+ 
+   } else {
+-  len -= sprintf( s, "%s://%n", u->lud_scheme,  );
++  sofar = sprintf( s, "%s://", u->lud_scheme );
++  len -= sofar;
+   if ( u->lud_host && u->lud_host[0] ) {
+   i = hex_escape( [sofar], len, u->lud_host, 
URLESC_SLASH );
+   sofar += i;
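
Review bot: both new sprintf() calls in desc2str() write into s without using the len parameter as a bound, and their return value goes into sofar and is subtracted from len unchecked. Unless the required size is validated earlier in the function (not visible in this hunk), use snprintf( s, len, ... ) and return an error when the result is negative or not smaller than len, before doing len -= sofar.
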
-- 
Christian "naddy" Weisgerber  na...@mips.inka.de



lang/ghc (was: Warnings for %n in format strings)

2021-09-07 Thread Matthias Kilian
Hi,

On Tue, Sep 07, 2021 at 09:24:31PM +0200, Christian Weisgerber wrote:
> lang/ghc   The OpenBSD ports mailing-list

Untested patch -- I'll probably get a test build with it together
with all ports depending on ghc tomorrow, but if anyone wants to
beat me ...

Ciao,
Kili

Index: Makefile
===
RCS file: /cvs/ports/lang/ghc/Makefile,v
retrieving revision 1.188
diff -u -p -r1.188 Makefile
--- Makefile16 Aug 2021 21:23:18 -  1.188
+++ Makefile7 Sep 2021 20:42:00 -
@@ -19,6 +19,8 @@ DISTNAME =ghc-${GHC_VERSION}
 CATEGORIES =   lang devel
 HOMEPAGE = https://www.haskell.org/ghc/
 
+REVISION = 0
+
 # Version of the precompiled binaries
 BIN_VER =  8.10.3.20210429
 
Index: patches/patch-rts_Stats_c
===
RCS file: patches/patch-rts_Stats_c
diff -N patches/patch-rts_Stats_c
--- /dev/null   1 Jan 1970 00:00:00 -
+++ patches/patch-rts_Stats_c   7 Sep 2021 20:42:00 -
@@ -0,0 +1,53 @@
+$OpenBSD$
+
+Kill use of %n format specifier.
+
+Index: rts/Stats.c
+--- rts/Stats.c.orig
 rts/Stats.c
+@@ -69,7 +69,7 @@ static Time *GC_coll_cpu = NULL;
+ static Time *GC_coll_elapsed = NULL;
+ static Time *GC_coll_max_pause = NULL;
+ 
+-static void statsPrintf( char *s, ... ) GNUC3_ATTRIBUTE(format (PRINTF, 1, 
2));
++static int statsPrintf( char *s, ... ) GNUC3_ATTRIBUTE(format (PRINTF, 1, 2));
+ static void statsFlush( void );
+ static void statsClose( void );
+ 
+@@ -1024,8 +1024,10 @@ static void report_summary(const RTSSummaryStats* sum)
+ 
+ for (g = 0; g < RtsFlags.GcFlags.generations; g++) {
+ int prefix_length = 0;
+-statsPrintf("%*s" "gen[%" FMT_Word32 "%n",
+-col_width[0], "", g, _length);
++prefix_length = statsPrintf("%*s" "gen[%" FMT_Word32,
++col_width[0], "", g);
++if (prefix_length < 0)
++prefix_length = 0;
+ prefix_length -= col_width[0];
+ int suffix_length = col_width[1] + prefix_length;
+ suffix_length =
+@@ -1735,9 +1737,10 @@ void getRTSStats( RTSStats *s )
+Dumping stuff in the stats file, or via the debug message interface
+-- 
*/
+ 
+-void
++int
+ statsPrintf( char *s, ... )
+ {
++int ret = 0;
+ FILE *sf = RtsFlags.GcFlags.statsFile;
+ va_list ap;
+ 
+@@ -1745,9 +1748,10 @@ statsPrintf( char *s, ... )
+ if (sf == NULL) {
+ vdebugBelch(s,ap);
+ } else {
+-vfprintf(sf, s, ap);
++ret = vfprintf(sf, s, ap);
+ }
+ va_end(ap);
++return ret;
+ }
+ 
+ static void
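
Review bot: in statsPrintf() ret stays 0 on the sf == NULL branch, where the text goes through vdebugBelch(), so report_summary() computes prefix_length as 0 there and the suffix padding no longer reflects what was printed. Either capture the length on that branch as well (for example by formatting with vsnprintf() into a local buffer and passing the result on), or say in the patch comment that column alignment is only preserved when a stats file is set. The prefix_length < 0 clamp in report_summary() also hides a vfprintf() error; consider skipping the padding in that case.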



Re: Warnings for %n in format strings

2021-09-07 Thread Stuart Henderson
henning: do you still use openldap 2.3? if not, the port is a bit of a
source of problems and it would be helpful to remove it (these days 2.4
has a backend which is nothing to do with berkeley db which iirc was the
original problem)

On 2021/09/07 21:24, Christian Weisgerber wrote:
> Earlier today, semarie@ committed a change that will now cause base
> clang to warn when the %n specifier appears in a format string for
> the printf(3) family of functions:
> 
> warning: '%n' format specifier support is deactivated and will call abort(3)
> 
> I already ran a full amd64 bulk build with this.  The surprisingly
> short list of ports that produce the warning is below.
> 
> THIS NEEDS TO BE FIXED.
> 
> databases/openldap23    The OpenBSD ports mailing-list
> devel/adb               The OpenBSD ports mailing-list
> devel/libvstr           The OpenBSD ports mailing-list

I don't remember what libvstr was imported for originally but it's
unused in ports, I propose removing it

> editors/cooledit        Marc Espie
> editors/nedit           Alessandro De Laurenzis
> games/gnugo             The OpenBSD ports mailing-list
> games/xmahjongg         The OpenBSD ports mailing-list
> lang/ghc                The OpenBSD ports mailing-list
> lang/node               Volker Schlecht
> mail/exim               Renaud Allard
> math/mcl                The OpenBSD ports mailing-list
> math/yorick             The OpenBSD ports mailing-list
> misc/brltty             The OpenBSD ports mailing-list
> misc/uniutils           Nicholas Marriott
> net/climm               Pascal Stumpf
> net/dnstracer           The OpenBSD ports mailing-list
> net/libsmi              Nigel Taylor
> print/lcdf-typetools    The OpenBSD ports mailing-list
> security/gnupg          Edd Barrett
> security/libssh2        Benoit Lecocq

> security/openssl/1.1    The OpenBSD ports mailing-list
> security/openssl/3.0    The OpenBSD ports mailing-list
> security/sslscan        Stuart Henderson

tb has fixes for these 3 that I haven't reviewed yet

> sysutils/cdrtools       The OpenBSD ports mailing-list
> textproc/link-grammar   The OpenBSD ports mailing-list
> textproc/openjade       The OpenBSD ports mailing-list
> x11/fvwm2               Michael
> 
> The raw grep over the build logs:
> 

Warnings for %n in format strings

2021-09-07 Thread Christian Weisgerber
Earlier today, semarie@ committed a change that will now cause base
clang to warn when the %n specifier appears in a format string for
the printf(3) family of functions:

warning: '%n' format specifier support is deactivated and will call abort(3)

I already ran a full amd64 bulk build with this.  The surprisingly
short list of ports that produce the warning is below.

THIS NEEDS TO BE FIXED.

databases/openldap23    The OpenBSD ports mailing-list
devel/adb               The OpenBSD ports mailing-list
devel/libvstr           The OpenBSD ports mailing-list
editors/cooledit        Marc Espie
editors/nedit           Alessandro De Laurenzis
games/gnugo             The OpenBSD ports mailing-list
games/xmahjongg         The OpenBSD ports mailing-list
lang/ghc                The OpenBSD ports mailing-list
lang/node               Volker Schlecht
mail/exim               Renaud Allard
math/mcl                The OpenBSD ports mailing-list
math/yorick             The OpenBSD ports mailing-list
misc/brltty             The OpenBSD ports mailing-list
misc/uniutils           Nicholas Marriott
net/climm               Pascal Stumpf
net/dnstracer           The OpenBSD ports mailing-list
net/libsmi              Nigel Taylor
print/lcdf-typetools    The OpenBSD ports mailing-list
security/gnupg          Edd Barrett
security/libssh2        Benoit Lecocq
security/openssl/1.1    The OpenBSD ports mailing-list
security/openssl/3.0    The OpenBSD ports mailing-list
security/sslscan        Stuart Henderson
sysutils/cdrtools       The OpenBSD ports mailing-list
textproc/link-grammar   The OpenBSD ports mailing-list
textproc/openjade       The OpenBSD ports mailing-list
x11/fvwm2               Michael

The raw grep over the build logs:

./databases/openldap23.log:/usr/obj/ports/openldap-server-2.3.43/openldap-2.3.43/libraries/libldap/url.c:620:34: warning: '%n' format specifier support is deactivated and will call abort(3)
./databases/openldap23.log:/usr/obj/ports/openldap-server-2.3.43/openldap-2.3.43/libraries/libldap/url.c:625:29: warning: '%n' format specifier support is deactivated and will call abort(3)
./databases/openldap23.log:/usr/obj/ports/openldap-server-2.3.43/openldap-2.3.43/libraries/libldap/url.c:620:34: warning: '%n' format specifier support is deactivated and will call abort(3)
./databases/openldap23.log:/usr/obj/ports/openldap-server-2.3.43/openldap-2.3.43/libraries/libldap/url.c:625:29: warning: '%n' format specifier support is deactivated and will call abort(3)
./databases/openldap23.log:url.c:620:34: warning: '%n' format specifier support is deactivated and will call abort(3)
./databases/openldap23.log:url.c:625:29: warning: '%n' format specifier support is deactivated and will call abort(3)
./databases/openldap23.log:url.c:620:34: warning: '%n' format specifier support is deactivated and will call abort(3)
./databases/openldap23.log:url.c:625:29: warning: '%n' format specifier support is deactivated and will call abort(3)
./devel/adb.log:transport.c:919:41: warning: '%n' format specifier support is deactivated and will call abort(3)
./devel/libvstr.log:/usr/obj/ports/vstr-1.0.15/vstr-1.0.15/src/vstr_sc.c:514:39: warning: '%n' format specifier support is deactivated and will call abort(3)
./devel/libvstr.log:/usr/obj/ports/vstr-1.0.15/vstr-1.0.15/src/vstr_sc.c:571:40: warning: '%n' format specifier support is deactivated and will call abort(3)
./devel/libvstr.log:/usr/obj/ports/vstr-1.0.15/vstr-1.0.15/src/vstr_sc.c:917:40: warning: '%n' format specifier support is deactivated and will call abort(3)
./devel/libvstr.log:/usr/obj/ports/vstr-1.0.15/vstr-1.0.15/src/vstr_sc.c:514:39: warning: '%n' format specifier support is deactivated and will call abort(3)
./devel/libvstr.log:/usr/obj/ports/vstr-1.0.15/vstr-1.0.15/src/vstr_sc.c:571:40: warning: '%n' format specifier support is deactivated and will call abort(3)
./devel/libvstr.log:/usr/obj/ports/vstr-1.0.15/vstr-1.0.15/src/vstr_sc.c:917:40: warning: '%n' format specifier support is deactivated and will call abort(3)
./lang/node.log:../deps/openssl/openssl/apps/rehash.c:407:53: warning: '%n' format specifier support is deactivated and will call abort(3)
./lang/node.log:../deps/openssl/openssl/apps/rehash.c:429:53: warning: '%n' format specifier support is deactivated and will call abort(3)
./lang/ghc.log: warning: '%n' format specifier support is deactivated and will call abort(3)
./lang/ghc.log: warning: '%n' format specifier support is deactivated and will call abort(3)
./lang/ghc.log: warning: '%n' format specifier support is deactivated and will call abort(3)
./lang/ghc.log: warning: '%n' format specifier support is deactivated and will call abort(3)
./lang/ghc.log: warning: '%n' format specifier support is deactivated and will call abort(3)
./lang/ghc.log: warning: '%n' format specifier support is deactivated and will call abort(3)
./lang/ghc.log: warning: '%n' format specifier