about gcc warnings
gotrunks at gmail.com
gotrunks at gmail.com
Sun Feb 13 21:26:24 UTC 2011
On Sun, Feb 13, 2011 at 9:18 PM, Gilles Espinasse <g.esp at free.fr> wrote:
>
> ----- Original Message -----
> From: "Denys Vlasenko" <vda.linux at googlemail.com>
> To: <busybox at busybox.net>
> Cc: "Gilles Espinasse" <g.esp at free.fr>; <gotrunks at gmail.com>
> Sent: Sunday, February 13, 2011 6:31 PM
> Subject: Re: about gcc warnings
>
>
>> On Sunday 13 February 2011 14:24, Gilles Espinasse wrote:
>> >
>> > ----- Original Message -----
>> > From: <gotrunks at gmail.com>
>> > To: <busybox at busybox.net>
>> > Sent: Sunday, February 13, 2011 1:39 PM
>> > Subject: about gcc warnings
>> >
>> >
>> > > In busybox there are a lot of compile warnings like:
>> > > networking/wget.c:365: warning: format not a string literal and no
>> > > format arguments
>> > >
>> > > are these warnings wanted for some reason?
>>
>> I don't get any such warnings.
>>
> I was thinking that warning was related to gcc fortify. But no, this is a
> gcc warning
>
>> > Should only be rusting code
>> > This sort of warning is not present in 1.17.3.
>
> My error, I didn't see this warning because I didn't have -Wformat-security
>
>> But this just increases code size for no benefit.
>
> gcc-4.4.5 manual say
> If -Wformat is specified, also warn about uses of format functions that
> represent possible security problems. At present, this warns about calls to
> printf and scanf functions where the format string is not a string literal
> and there are no format arguments, as in printf (foo);. This may be a
> security hole if the format string came from untrusted input and contains
> `%n'. (This is currently a subset of what -Wformat-nonliteral warns about,
> but in future warnings may be added to -Wformat-security that are not
> included in -Wformat-nonliteral.)
>
AFAICS inputs used are always trusted
e.g. libbb/messages.c:const char bb_msg_memory_exhausted[] ALIGN1 =
"out of memory";
but sounds like a good practice to follow
> I have seen this size increase changing mount (bb-1.17.4) 6 warnings
> root:/usr/src/busybox-1.17.4$ make bloatcheck
> function old new delta
> singlemount 680 693 +13
> mount_it_now 178 185 +7
> ----------------------------------------------------------------------------
> --
> (add/remove: 0/0 grow/shrink: 2/0 up/down: 20/0) Total: 20
> bytes
> text data bss dec hex filename
> 293400 3253 8648 305301 4a895 busybox_old
> 293420 3253 8648 305321 4a8a9 busybox_unstripped
>
Well, I think there are more than 6 in trunk
~/dev/busybox$ grep -R 'msg(bb_msg' * | wc -l
12
~/dev/busybox$ grep -R 'die(bb_msg' * | wc -l
70
>
> Gilles
>
>
More information about the busybox
mailing list