Subject: Re: [PATCH 1/3] build: Add warnings for non-literal strings
From: Bastien Nocera
To: Luiz Augusto von Dentz
Cc: "linux-bluetooth@vger.kernel.org"
Date: Thu, 04 Mar 2021 19:46:14 +0100

On Thu, 2021-03-04 at 10:35 -0800, Luiz Augusto von Dentz wrote:
> Hi Bastien,
>
> On Thu, Mar 4, 2021 at 9:21 AM Bastien Nocera
> wrote:
> > > > --- > >  acinclude.m4 | 2 +- > >  1 file changed, 1 insertion(+), 1 deletion(-) > > > > diff --git a/acinclude.m4 b/acinclude.m4 > > index 529848357..6ae34b8ae 100644
> > --- a/acinclude.m4 > > +++ b/acinclude.m4 > > @@ -21,7 +21,7 @@ AC_DEFUN([COMPILER_FLAGS], [ > >                 with_cflags="$with_cflags -Wredundant-decls" > >                 with_cflags="$with_cflags -Wcast-align" > >                 with_cflags="$with_cflags -Wswitch-enum" > > -               with_cflags="$with_cflags -Wformat -Wformat-security" > > +               with_cflags="$with_cflags -Wformat -Wformat-security > > -Wformat-nonliteral"
>
> Does it actually have any benefit of having the format as always
> string literal? I'm not really a big fan of using pragmas.

It's a security feature[1], so it's pretty important that we avoid using non-literals when some of the arguments are user controlled, especially in a networked daemon. We already enabled "-Wformat-security", so not that much of a difference.

This warning is also enabled by default on Fedora's GCC, so I get to see it whether I want to or not.

I'd be happy actually fixing those warnings if you don't want pragmas at all, it would just be more code movement. If we can get those patches in, I can do a follow-up.

[1]: Quick search gave me this explanation:
https://owasp.org/www-community/attacks/Format_string_attack

> >                 with_cflags="$with_cflags -DG_DISABLE_DEPRECATED" > >                 with_cflags="$with_cflags - > > DGLIB_VERSION_MIN_REQUIRED=GLIB_VERSION_2_28" > >                 with_cflags="$with_cflags - > > DGLIB_VERSION_MAX_ALLOWED=GLIB_VERSION_2_32" > > -- > > 2.29.2 > > > >
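
Review bot: the commit message has no body above the `---`, so the changed `with_cflags` line in COMPILER_FLAGS turns on `-Wformat-nonliteral` without recording why or how existing call sites are expected to be handled. Suggest a short body saying that the flag reports format strings that are not literals even when arguments follow, which the `-Wformat-security` already on that line does not, and that functions which forward a format should carry a printf format attribute rather than a pragma. Appending the flag on its own line, `with_cflags="$with_cflags -Wformat-nonliteral"`, like the neighbouring flags, would also make the hunk a pure addition instead of a rewrite of the `-Wformat -Wformat-security` line.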
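
An added example, not part of the original message or of the project's code: it shows which call `-Wformat-security` already reports, which one only `-Wformat-nonliteral` reports, and two forms that stay clean under both. All function names and the sample input are hypothetical and constructed for this illustration.

```c
/* Added illustration; names are hypothetical. To see the diagnostics:
 *   cc -c -DSHOW_WARNINGS -Wformat -Wformat-security -Wformat-nonliteral demo.c */
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

#ifdef SHOW_WARNINGS
/* Non-literal format, no arguments: -Wformat-security already reports this. */
int describe_bare(char *out, size_t len, const char *peer_name)
{
	return snprintf(out, len, peer_name);
}

/* Non-literal format with arguments: -Wformat-security is silent here,
 * only -Wformat-nonliteral reports it. */
int describe_tmpl(char *out, size_t len, const char *tmpl, int rssi)
{
	return snprintf(out, len, tmpl, rssi);
}
#endif

/* Clean: the format is a literal, peer data is only ever an argument. */
int describe_safe(char *out, size_t len, const char *peer_name, int rssi)
{
	return snprintf(out, len, "device '%s' rssi %d", peer_name, rssi);
}

/* A wrapper that has to forward a format: the attribute makes the compiler
 * check every caller's format, and the va_list call itself is not reported. */
__attribute__((format(printf, 3, 4)))
int log_fmt(char *out, size_t len, const char *fmt, ...)
{
	va_list ap;
	int n;

	va_start(ap, fmt);
	n = vsnprintf(out, len, fmt, ap);
	va_end(ap);
	return n;
}

/* Constructed input: a peer-supplied name carrying conversion specifiers. */
static const char hostile_name[] = "hs%n%s%x";

/* Returns the formatted length; the specifiers come out as plain text. */
int demo_safe_len(char *out, size_t len)
{
	return describe_safe(out, len, hostile_name, -40);
}
```

Without `-DSHOW_WARNINGS` the file builds cleanly under all three flags, which is the state the warning pushes a code base towards.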