References: <20210304124851.219154-1-hadess@hadess.net>
From: Luiz Augusto von Dentz
Date: Thu, 4 Mar 2021 10:54:34 -0800
Subject: Re: [PATCH 1/3] build: Add warnings for non-literal strings
To: Bastien Nocera
Cc: "linux-bluetooth@vger.kernel.org"

Hi Bastien,

On Thu, Mar 4, 2021 at 10:46 AM Bastien Nocera wrote:
>
> On Thu, 2021-03-04 at 10:35 -0800, Luiz Augusto von Dentz wrote:
> > Hi Bastien,
> >
> > On Thu, Mar 4, 2021 at 9:21 AM Bastien Nocera
> > wrote:
> > >
> > > ---
> > > acinclude.m4 | 2 +-
> > > 1 file changed, 1 insertion(+), 1 deletion(-)
> > >
> > > diff --git a/acinclude.m4 b/acinclude.m4
> > > index 529848357..6ae34b8ae 100644
> > > --- a/acinclude.m4
> > > +++ b/acinclude.m4
> > > @@ -21,7 +21,7 @@ AC_DEFUN([COMPILER_FLAGS], [
> > > with_cflags="$with_cflags -Wredundant-decls"
> > > with_cflags="$with_cflags -Wcast-align"
> > > with_cflags="$with_cflags -Wswitch-enum"
> > > - with_cflags="$with_cflags -Wformat -Wformat-security"
> > > + with_cflags="$with_cflags -Wformat -Wformat-security
> > > -Wformat-nonliteral"
> >
> > Does it actually have any benefit of having the format as always
> > string literal? I'm not really a big fan of using pragmas.
>
> It's a security feature[1], so it's pretty important that we avoid
> using non-literals when some of the arguments are user controlled,
> especially in a networked daemon. We already enabled
> "-Wformat-security", so not that much of a difference.
>
> This warning is also enabled by default on Fedora's GCC, so I get to
> see it whether I want to or not.
>
> I'd be happy actually fixing those warnings if you don't want pragmas
> at all, it would just be more code movement. If we can get those
> patches in, I can do a follow-up.
>
> [1]: Quick search gave me this explanation:
> https://owasp.org/www-community/attacks/Format_string_attack

You should probably add the above link in the patch description,
regarding the use of pragma. I'd say we need to convert to use literals
directly then, since otherwise we are not actually fixing anything, just
returning it back to ignore the error where we don't use literals.

> > > with_cflags="$with_cflags -DG_DISABLE_DEPRECATED"
> > > with_cflags="$with_cflags -
> > > DGLIB_VERSION_MIN_REQUIRED=GLIB_VERSION_2_28"
> > > with_cflags="$with_cflags -
> > > DGLIB_VERSION_MAX_ALLOWED=GLIB_VERSION_2_32"
> > > --
> > > 2.29.2
> > >
> > >
> > >

--
Luiz Augusto von Dentz
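
Review bot: the patch has no description above the "---" line, so nothing records why -Wformat-nonliteral is appended to with_cflags in COMPILER_FLAGS or what happens to the call sites that already pass a non-literal format. Add a commit message that states the security rationale (the format string reference from the thread would fit) and says whether the rest of the series silences the new warnings with pragmas or converts those calls to literal formats, since only the second actually removes the unchecked format strings.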
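
An added example, not part of the original mail or of the project's code: it contrasts silencing -Wformat-nonliteral with a pragma against converting the call to a literal format, the two options weighed in the thread. The function names and the sample device name are hypothetical, and the sample contains only "%%" so its behaviour is fully defined.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Variant A: warning silenced with a pragma. The caller's text is still
 * used as the format string, so the compiler cannot check it. */
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wformat-nonliteral"
#pragma GCC diagnostic ignored "-Wformat-security"
static int log_pragma(char *out, size_t len, const char *text)
{
	return snprintf(out, len, text);
}
#pragma GCC diagnostic pop

/* Variant B: converted to a literal format; text is only ever data. */
static int log_literal(char *out, size_t len, const char *text)
{
	return snprintf(out, len, "%s", text);
}

/* Variant C: a wrapper that has to forward a format. The attribute makes
 * the compiler check each caller's format against its arguments. */
__attribute__((format(printf, 3, 4)))
static int log_fmt(char *out, size_t len, const char *fmt, ...)
{
	va_list ap;
	int n;

	va_start(ap, fmt);
	n = vsnprintf(out, len, fmt, ap);
	va_end(ap);
	return n;
}

/* Constructed sample: a device name as a remote peer might supply it. */
static const char sample_name[] = "Speaker 100%% bass";

int main(void)
{
	char a[64], b[64], c[64];

	log_pragma(a, sizeof(a), sample_name);  /* "%%" parsed as a directive */
	log_literal(b, sizeof(b), sample_name); /* stored byte for byte */
	log_fmt(c, sizeof(c), "name=%s", sample_name);
	printf("pragma : %s\nliteral: %s\nwrapper: %s\n", a, b, c);
	return 0;
}
```

Variant A builds without warnings yet still rewrites the peer-supplied name, while variants B and C keep it intact.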