Linux Archive

Linux Archive (http://www.linux-archive.org/)
-   Ubuntu Development (http://www.linux-archive.org/ubuntu-development/)
-   -   compiler errors with fread/fwrite and fortify source (http://www.linux-archive.org/ubuntu-development/268940-compiler-errors-fread-fwrite-fortify-source.html)

Matthias Klose 03-24-2009 09:04 AM

compiler errors with fread/fwrite and fortify source
 
Starting with intrepid and fortify source turned on by default, the compiler
unconditionally gives a warning for ignored return values for function calls of
functions which are declared with __attribute__((warn_unused_result)). Building
with -Werror turns the warnings into errors, which cannot be disabled (by
design) [1].

glibc declares both fread and fwrite (and fwrite_unlocked) with
__attribute__((warn_unused_result)). In [2] you find an argument why this may be
unwanted:

"""
> The reason why it is a glibc bug is that it is very over the top of adding the
> attribute here.

And indeed there is no logical difference between printf and fwrite here,
but glibc is marking fwrite and not printf.

In both cases, a valid programming style is to use fflush and ferror at
the end to check for errors, rather than checking on every write, or to
check the return value of fclose. A program that uses fwrite without
checking the return value or such a subsequent error is buggy - so is one
using printf and failing later to check for errors on stdout. (GCC is
among such buggy programs; "gcc --help >/dev/full" does not return error
status as it should.) But checking at the end suffices (albeit losing
information about the value of errno for the original error), you don't
need to check at every call.
"""

Our current practice to fix this in packages is to either turn of -Werror, or
patch the sources to introduce a dummy variable. Proposing to remove the
attribute for fwrite/fwrite_unlocked for jaunty.

Matthias

[1] http://gcc.gnu.org/bugzilla/show_bug.cgi?id=25509
[2] http://gcc.gnu.org/bugzilla/show_bug.cgi?id=25509#c6

--
ubuntu-devel mailing list
ubuntu-devel@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel

Kees Cook 03-24-2009 03:59 PM

compiler errors with fread/fwrite and fortify source
 
Hi Matthias,

On Tue, Mar 24, 2009 at 11:04:14AM +0100, Matthias Klose wrote:
> Our current practice to fix this in packages is to either turn of -Werror, or
> patch the sources to introduce a dummy variable. Proposing to remove the
> attribute for fwrite/fwrite_unlocked for jaunty.

I have no objection to this, and discovered the uselessness of unchecked
fclose during my UDS demonstration (i.e. fwrite would succeed, but fclose
would fail). fwrite warnings without fprintf, fclose, etc warnings is not
sensible, and covering all of those would be way too noisy.

-Kees

--
Kees Cook
Ubuntu Security Team

--
ubuntu-devel mailing list
ubuntu-devel@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel


All times are GMT. The time now is 07:01 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.