On Fri, Feb 1, 2019 at 8:36 PM Petr Lautrbach <plautrba@xxxxxxxxxx> wrote: > gcc-9.0.0-0.3.fc30.x86_64 from Fedora Rawhide: > > gcc version 9.0.0 20190119 (Red Hat 9.0.0-0.3) (GCC) > > $ make DESTDIR=~/obj install install-pywrap > ... > > make[2]: Entering directory > '/home/build/SELinuxProject-selinux/libsepol/src' > cc -O2 -Werror -Wall -Wextra -Wmissing-format-attribute > -Wmissing-noreturn -Wpointer-arith -Wshadow -Wstrict-prototypes > -Wundef -Wunused -Wwrite-strings -I. -I../include -D_GNU_SOURCE > -I../cil/include -fPIC -c -o genbools.o genbools.c > In function ‘strtrim’, > inlined from ‘process_boolean.constprop’ at genbools.c:52:2: > genbools.c:24:2: error: ‘strncpy’ output may be truncated copying > 8191 bytes from a string of length 8191 > [-Werror=stringop-truncation] > 24 | strncpy(dest, ptr, size); > | ^~~~~~~~~~~~~~~~~~~~~~~~ > This is a typical strncpy() abuse. See 'man strncpy' -> /NOTES for how to handle the corner case correctly (same for similar issues below). > ... > > make[2]: Entering directory > '/home/build/SELinuxProject-selinux/libsepol/src' > cc -O2 -Werror -Wall -Wextra -Wmissing-format-attribute > -Wmissing-noreturn -Wpointer-arith -Wshadow -Wstrict-prototypes > -Wundef -Wunused -Wwrite-strings -I. -I../include -D_GNU_SOURCE > -I../cil/include -fPIC -DSHARED -c -o genbools.lo genbools.c > In function ‘strtrim’, > inlined from ‘process_boolean.constprop’ at genbools.c:52:2: > genbools.c:24:2: error: ‘strncpy’ output may be truncated copying > 8191 bytes from a string of length 8191 > [-Werror=stringop-truncation] > 24 | strncpy(dest, ptr, size); > | ^~~~~~~~~~~~~~~~~~~~~~~~ > > ... > > make[2]: Entering directory > '/home/build/SELinuxProject-selinux/libselinux/src' > cc -O2 -Werror -Wall -Wextra -Wmissing-format-attribute > -Wmissing-noreturn -Wpointer-arith -Wshadow -Wstrict-prototypes > -Wundef -Wunused -Wwrite-strings -I../include -D_GNU_SOURCE > -DNO_ANDROID_BACKEND -c -o booleans.o booleans.c > In function ‘strtrim’, > inlined from ‘process_boolean’ at booleans.c:362:2: > booleans.c:335:2: error: ‘strncpy’ output may be truncated copying > between 8188 and 8191 bytes from a string of length 8191 > [-Werror=stringop-truncation] > 335 | strncpy(dest, ptr, size); > | ^~~~~~~~~~~~~~~~~~~~~~~~ > > ... > > > > When libselinux is built separately, other CFLAGS is used: > > $ cd libselinux > > $ make DESTDIR=~/obj install install-pywrap > ... > > make[1]: Entering directory > '/home/build/SELinuxProject-selinux/libselinux/src' > > cc -O -Wall -W -Wundef -Wformat-y2k -Wformat-security -Winit-self > -Wmissing-include-dirs -Wunused -Wunknown-pragmas > -Wstrict-aliasing -Wshadow -Wpointer-arith -Wbad-function-cast > -Wcast-align -Wwrite-strings -Waggregate-return > -Wstrict-prototypes -Wold-style-definition -Wmissing-prototypes > -Wmissing-declarations -Wmissing-noreturn > -Wmissing-format-attribute -Wredundant-decls -Wnested-externs > -Winline -Winvalid-pch -Wvolatile-register-var > -Wdisabled-optimization -Wbuiltin-macro-redefined -Wattributes > -Wmultichar -Wdeprecated-declarations -Wdiv-by-zero > -Wdouble-promotion -Wendif-labels -Wextra -Wformat-extra-args > -Wformat-zero-length -Wformat=2 -Wmultichar -Woverflow > -Wpointer-to-int-cast -Wpragmas -Wno-missing-field-initializers > -Wno-sign-compare -Wno-format-nonliteral -Wframe-larger-than=32768 > -fstack-protector-all --param=ssp-buffer-size=4 -fexceptions > -fasynchronous-unwind-tables -fdiagnostics-show-option > -funit-at-a-time -Werror -Wno-aggregate-return > -Wno-redundant-decls -fipa-pure-const -Wlogical-op > -Wpacked-bitfield-compat -Wsync-nand -Wcoverage-mismatch -Wcpp > -Wformat-contains-nul -Wnormalized=nfc -Wsuggest-attribute=const > -Wsuggest-attribute=noreturn -Wsuggest-attribute=pure > -Wtrampolines -Wjump-misses-init -Wno-suggest-attribute=pure > -Wno-suggest-attribute=const -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2 > -Wstrict-overflow=5 -I../include -D_GNU_SOURCE > -DNO_ANDROID_BACKEND -c -o booleans.o booleans.c > booleans.c: In function ‘security_get_boolean_names’: > booleans.c:39:5: error: assuming signed overflow does not occur > when changing X +- C1 cmp C2 to X cmp C2 -+ C1 > [-Werror=strict-overflow] > 39 | int security_get_boolean_names(char ***names, int *len) > | ^~~~~~~~~~~~~~~~~~~~~~~~~~ > cc1: all warnings being treated as errors This one is really weird... Perhaps a bug in GCC? At the very least the warning message and source code location are super confusing, which is a bug on its own... -- Ondrej Mosnacek <omosnace at redhat dot com> Associate Software Engineer, Security Technologies Red Hat, Inc.
