FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Ubuntu > Ubuntu Development

 
 
LinkBack Thread Tools
 
Old 03-24-2009, 09:04 AM
Matthias Klose
 
Default compiler errors with fread/fwrite and fortify source

Starting with intrepid and fortify source turned on by default, the compiler
unconditionally gives a warning for ignored return values for function calls of
functions which are declared with __attribute__((warn_unused_result)). Building
with -Werror turns the warnings into errors, which cannot be disabled (by
design) [1].

glibc declares both fread and fwrite (and fwrite_unlocked) with
__attribute__((warn_unused_result)). In [2] you find an argument why this may be
unwanted:

"""
> The reason why it is a glibc bug is that it is very over the top of adding the
> attribute here.

And indeed there is no logical difference between printf and fwrite here,
but glibc is marking fwrite and not printf.

In both cases, a valid programming style is to use fflush and ferror at
the end to check for errors, rather than checking on every write, or to
check the return value of fclose. A program that uses fwrite without
checking the return value or such a subsequent error is buggy - so is one
using printf and failing later to check for errors on stdout. (GCC is
among such buggy programs; "gcc --help >/dev/full" does not return error
status as it should.) But checking at the end suffices (albeit losing
information about the value of errno for the original error), you don't
need to check at every call.
"""

Our current practice to fix this in packages is to either turn of -Werror, or
patch the sources to introduce a dummy variable. Proposing to remove the
attribute for fwrite/fwrite_unlocked for jaunty.

Matthias

[1] http://gcc.gnu.org/bugzilla/show_bug.cgi?id=25509
[2] http://gcc.gnu.org/bugzilla/show_bug.cgi?id=25509#c6

--
ubuntu-devel mailing list
ubuntu-devel@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel
 
Old 03-24-2009, 03:59 PM
Kees Cook
 
Default compiler errors with fread/fwrite and fortify source

Hi Matthias,

On Tue, Mar 24, 2009 at 11:04:14AM +0100, Matthias Klose wrote:
> Our current practice to fix this in packages is to either turn of -Werror, or
> patch the sources to introduce a dummy variable. Proposing to remove the
> attribute for fwrite/fwrite_unlocked for jaunty.

I have no objection to this, and discovered the uselessness of unchecked
fclose during my UDS demonstration (i.e. fwrite would succeed, but fclose
would fail). fwrite warnings without fprintf, fclose, etc warnings is not
sensible, and covering all of those would be way too noisy.

-Kees

--
Kees Cook
Ubuntu Security Team

--
ubuntu-devel mailing list
ubuntu-devel@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel
 

Thread Tools




All times are GMT. The time now is 10:08 PM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org