On 04/10/2012 03:29 PM, Patrick Matthäi wrote: > it fails to build from source with hardening build flags enabled: > > gcc -DHAVE_CONFIG_H -I. -I. -I../../../.. > -I../../../../libglusterfs/src -I../../../../contrib/uuid > -D_FORTIFY_SOURCE=2 -fPIC -D_FILE_OFFSET_BITS=64 -D_GNU_SOURCE -Wall > -DGF_LINUX_HOST_OS -I../../../../libglusterfs/src > -I../../../../xlators/lib/src -I../../../../rpc/rpc-lib/src -shared > -nostartfiles -O0 -g -O2 -fstack-protector --param=ssp-buffer-size=4 > -Wformat -Wformat-security -Werror=format-security -Wall -c > afr-lk-common.c -o afr-lk-common.o >/dev/null 2>&1 > gcc -DHAVE_CONFIG_H -I. -I. -I../../../.. > -I../../../../libglusterfs/src -I../../../../contrib/uuid > -D_FORTIFY_SOURCE=2 -fPIC -D_FILE_OFFSET_BITS=64 -D_GNU_SOURCE -Wall > -DGF_LINUX_HOST_OS -I../../../../libglusterfs/src > -I../../../../xlators/lib/src -I../../../../rpc/rpc-lib/src -shared > -nostartfiles -O0 -g -O2 -fstack-protector --param=ssp-buffer-size=4 > -Wformat -Wformat-security -Werror=format-security -Wall -c > afr-self-heald.c -fPIC -DPIC -o .libs/afr-self-heald.o > afr-self-heald.c: In function '_crawl_proceed': > afr-self-heald.c:398:17: error: format not a string literal and no > format arguments [-Werror=format-security] > afr-self-heald.c:398:17: error: format not a string literal and no > format arguments [-Werror=format-security] > cc1: some warnings being treated as errors > make[6]: *** [afr-self-heald.lo] Error 1 Today I learned that -Werror=format-security generates totally bogus errors. If you look at the code you'd see it's *no different* security-wise than if it had been a string literal (which it was one line earlier) and it doesn't contain any % substitutions anyway. There are many tools to do this sort of checking correctly, and I'd be totally in favor of fixing defects that they report, but working around gcc bugs is pretty irksome.
