Skip Menu |

This queue is for tickets about the Math-Int64 CPAN distribution.

Report information
The Basics
Id: 85688
Status: resolved
Priority: 0/
Queue: Math-Int64
People
Owner: Nobody in particular
Requestors: jquelin [...] cpan.org
Cc:
AdminCc:
Bug Information
Severity: (no value)
Broken in: (no value)
Fixed in: (no value)

History Show all quoted text
  Wed May 29 03:35:48 2013 jquelin [...] cpan.org - Ticket created
Subject: compilation fails with -Werror=format-security
$ gcc -c -I. -D_REENTRANT -D_GNU_SOURCE -fno-strict-aliasing -pipe -fstack-protector -I/usr/local/include -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -O2 -g -pipe -Wformat -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fstack-protector --param=ssp-buffer-size=4 -fomit-frame-pointer -march=i586 -mtune=generic -fasynchronous-unwind-tables -Wl,--as-needed -Wl,-z,relro -Wl,-O1 -Wl,--build-id -Wl,--enable-new-dtags -pthread -DVERSION=\"0.29\" -DXS_VERSION=\"0.29\" -fPIC "-I/usr/lib/perl5/5.18.0/i386-linux-thread-multi/CORE" -DINT64_BACKEND_NV Int64.c Int64.xs: In function 'SvI64': Int64.xs:303:18: warning: this decimal constant is unsigned only in ISO C90 [enabled by default] Int64.xs:303:18: warning: this decimal constant is unsigned only in ISO C90 [enabled by default] Int64.xs: In function 'BER_to_uint64': Int64.xs:546:13: error: format not a string literal and no format arguments [-Werror=format-security] Int64.xs:550:5: error: format not a string literal and no format arguments [-Werror=format-security] Int64.xs: In function 'XS_Math__Int64_net_to_int64': Int64.xs:649:5: error: format not a string literal and no format arguments [-Werror=format-security] [...] attached patch fixes the problem.
Subject: Math-Int64-0.29-fix_format_security.patch
--- Int64.xs.orig 2013-05-29 09:08:54.444014117 +0200 +++ Int64.xs 2013-05-29 09:12:10.154231481 +0200 @@ -543,11 +543,11 @@ overflow(aTHX_ out_of_bounds_error_u); a = (a << 7) | (pv[i] & 0x7f); if ((pv[i] & 0x80) == 0) { - if (i + 1 != len) Perl_croak(aTHX_ invalid_BER_error); + if (i + 1 != len) Perl_croak("%s", aTHX_ invalid_BER_error); return a; } } - Perl_croak(aTHX_ invalid_BER_error); + Perl_croak("%s", aTHX_ invalid_BER_error); return 0; /* this dead code is a workaround for OpenWatcom */ } @@ -646,7 +646,7 @@ unsigned char *pv = (unsigned char *)SvPVbyte(net, len); int64_t i64; CODE: - if (len != 8) Perl_croak(aTHX_ invalid_length_error_s); + if (len != 8) Perl_croak("%s", aTHX_ invalid_length_error_s); i64 = (((((((((((((((int64_t)pv[0]) << 8) + (int64_t)pv[1]) << 8) + (int64_t)pv[2]) << 8) @@ -670,7 +670,7 @@ uint64_t u64; CODE: if (len != 8) - Perl_croak(aTHX_ invalid_length_error_u); + Perl_croak("%s", aTHX_ invalid_length_error_u); u64 = (((((((((((((((uint64_t)pv[0]) << 8) + (uint64_t)pv[1]) << 8) + (uint64_t)pv[2]) << 8) @@ -761,7 +761,7 @@ char *pv = SvPVbyte(native, len); CODE: if (len != 8) - Perl_croak(aTHX_ invalid_length_error_s); + Perl_croak("%s", aTHX_ invalid_length_error_s); if (use_native) { RETVAL = newSViv(0); Copy(pv, &(SvIVX(RETVAL)), 8, char); @@ -792,7 +792,7 @@ char *pv = SvPVbyte(native, len); CODE: if (len != 8) - Perl_croak(aTHX_ invalid_length_error_u); + Perl_croak("%s", aTHX_ invalid_length_error_u); if (use_native) { RETVAL = newSVuv(0); Copy(pv, &(SvUVX(RETVAL)), 8, char); @@ -1098,13 +1098,13 @@ down = SvI64(aTHX_ other); } if (!down) - Perl_croak(aTHX_ div_by_0_error); + Perl_croak("%s", aTHX_ div_by_0_error); RETVAL = newSVi64(aTHX_ up/down); } else { down = SvI64(aTHX_ other); if (!down) - Perl_croak(aTHX_ div_by_0_error); + Perl_croak("%s", aTHX_ div_by_0_error); RETVAL = self; SvREFCNT_inc(RETVAL); SvI64x(self) /= down; @@ -1131,13 +1131,13 @@ down = SvI64(aTHX_ other); } if (!down) - Perl_croak(aTHX_ div_by_0_error); + Perl_croak("%s", aTHX_ div_by_0_error); RETVAL = newSVi64(aTHX_ up % down); } else { down = SvI64(aTHX_ other); if (!down) - Perl_croak(aTHX_ div_by_0_error); + Perl_croak("%s", aTHX_ div_by_0_error); RETVAL = self; SvREFCNT_inc(RETVAL); SvI64x(self) %= down; @@ -1222,7 +1222,7 @@ } else sign = 1; if (b < 0) { - if (a == 0) Perl_croak(aTHX_ div_by_0_error); + if (a == 0) Perl_croak("%s", aTHX_ div_by_0_error); else if (a == 1) r = sign; else r = 0; } @@ -1592,13 +1592,13 @@ down = SvU64(aTHX_ other); } if (!down) - Perl_croak(aTHX_ div_by_0_error); + Perl_croak("%s", aTHX_ div_by_0_error); RETVAL = newSVu64(aTHX_ up/down); } else { down = SvU64(aTHX_ other); if (!down) - Perl_croak(aTHX_ div_by_0_error); + Perl_croak("%s", aTHX_ div_by_0_error); RETVAL = self; SvREFCNT_inc(RETVAL); SvU64x(self) /= down; @@ -1625,13 +1625,13 @@ down = SvU64(aTHX_ other); } if (!down) - Perl_croak(aTHX_ div_by_0_error); + Perl_croak("%s", aTHX_ div_by_0_error); RETVAL = newSVu64(aTHX_ up % down); } else { down = SvU64(aTHX_ other); if (!down) - Perl_croak(aTHX_ div_by_0_error); + Perl_croak("%s", aTHX_ div_by_0_error); RETVAL = self; SvREFCNT_inc(RETVAL); SvU64x(self) %= down;
  Sat Jun 01 09:04:27 2013 SHLOMIF [...] cpan.org - Correspondence added
On Wed May 29 03:35:48 2013, JQUELIN wrote: Show quoted text
> $ gcc -c -I. -D_REENTRANT -D_GNU_SOURCE -fno-strict-aliasing -pipe > -fstack-protector -I/usr/local/include -D_LARGEFILE_SOURCE > -D_FILE_OFFSET_BITS=64 -O2 -g -pipe -Wformat -Werror=format- > security -Wp,-D_FORTIFY_SOURCE=2 -fstack-protector --param=ssp- > buffer-size=4 -fomit-frame-pointer -march=i586 -mtune=generic > -fasynchronous-unwind-tables -Wl,--as-needed -Wl,-z,relro -Wl,-O1 > -Wl,--build-id -Wl,--enable-new-dtags -pthread -DVERSION=\"0.29\" > -DXS_VERSION=\"0.29\" -fPIC "-I/usr/lib/perl5/5.18.0/i386-linux- > thread-multi/CORE" -DINT64_BACKEND_NV Int64.c > Int64.xs: In function 'SvI64': > Int64.xs:303:18: warning: this decimal constant is unsigned only in > ISO C90 [enabled by default] > Int64.xs:303:18: warning: this decimal constant is unsigned only in > ISO C90 [enabled by default] > Int64.xs: In function 'BER_to_uint64': > Int64.xs:546:13: error: format not a string literal and no format > arguments [-Werror=format-security] > Int64.xs:550:5: error: format not a string literal and no format > arguments [-Werror=format-security] > Int64.xs: In function 'XS_Math__Int64_net_to_int64': > Int64.xs:649:5: error: format not a string literal and no format > arguments [-Werror=format-security] > [...] > > attached patch fixes the problem.
Attached is a better patch (I'm also a Mageia packager) that also fixes the tests. Regards, -- Shlomi Fish
Subject: Math-Int64-0.29-fix_format_security.patch
--- Int64.xs.orig 2013-01-07 14:32:25.000000000 +0200 +++ Int64.xs 2013-06-01 14:36:47.993792428 +0300 @@ -543,11 +543,11 @@ overflow(aTHX_ out_of_bounds_error_u); a = (a << 7) | (pv[i] & 0x7f); if ((pv[i] & 0x80) == 0) { - if (i + 1 != len) Perl_croak(aTHX_ invalid_BER_error); + if (i + 1 != len) Perl_croak(aTHX_ "%s", invalid_BER_error); return a; } } - Perl_croak(aTHX_ invalid_BER_error); + Perl_croak(aTHX_ "%s", invalid_BER_error); return 0; /* this dead code is a workaround for OpenWatcom */ } @@ -646,7 +646,7 @@ unsigned char *pv = (unsigned char *)SvPVbyte(net, len); int64_t i64; CODE: - if (len != 8) Perl_croak(aTHX_ invalid_length_error_s); + if (len != 8) Perl_croak(aTHX_ "%s", invalid_length_error_s); i64 = (((((((((((((((int64_t)pv[0]) << 8) + (int64_t)pv[1]) << 8) + (int64_t)pv[2]) << 8) @@ -670,7 +670,7 @@ uint64_t u64; CODE: if (len != 8) - Perl_croak(aTHX_ invalid_length_error_u); + Perl_croak(aTHX_ "%s", invalid_length_error_u); u64 = (((((((((((((((uint64_t)pv[0]) << 8) + (uint64_t)pv[1]) << 8) + (uint64_t)pv[2]) << 8) @@ -761,7 +761,7 @@ char *pv = SvPVbyte(native, len); CODE: if (len != 8) - Perl_croak(aTHX_ invalid_length_error_s); + Perl_croak(aTHX_ "%s", invalid_length_error_s); if (use_native) { RETVAL = newSViv(0); Copy(pv, &(SvIVX(RETVAL)), 8, char); @@ -792,7 +792,7 @@ char *pv = SvPVbyte(native, len); CODE: if (len != 8) - Perl_croak(aTHX_ invalid_length_error_u); + Perl_croak(aTHX_ "%s", invalid_length_error_u); if (use_native) { RETVAL = newSVuv(0); Copy(pv, &(SvUVX(RETVAL)), 8, char); @@ -1098,13 +1098,13 @@ down = SvI64(aTHX_ other); } if (!down) - Perl_croak(aTHX_ div_by_0_error); + Perl_croak(aTHX_ "%s", div_by_0_error); RETVAL = newSVi64(aTHX_ up/down); } else { down = SvI64(aTHX_ other); if (!down) - Perl_croak(aTHX_ div_by_0_error); + Perl_croak(aTHX_ "%s", div_by_0_error); RETVAL = self; SvREFCNT_inc(RETVAL); SvI64x(self) /= down; @@ -1131,13 +1131,13 @@ down = SvI64(aTHX_ other); } if (!down) - Perl_croak(aTHX_ div_by_0_error); + Perl_croak(aTHX_ "%s", div_by_0_error); RETVAL = newSVi64(aTHX_ up % down); } else { down = SvI64(aTHX_ other); if (!down) - Perl_croak(aTHX_ div_by_0_error); + Perl_croak(aTHX_ "%s", div_by_0_error); RETVAL = self; SvREFCNT_inc(RETVAL); SvI64x(self) %= down; @@ -1222,7 +1222,7 @@ } else sign = 1; if (b < 0) { - if (a == 0) Perl_croak(aTHX_ div_by_0_error); + if (a == 0) Perl_croak(aTHX_ "%s", div_by_0_error); else if (a == 1) r = sign; else r = 0; } @@ -1592,13 +1592,13 @@ down = SvU64(aTHX_ other); } if (!down) - Perl_croak(aTHX_ div_by_0_error); + Perl_croak(aTHX_ "%s", div_by_0_error); RETVAL = newSVu64(aTHX_ up/down); } else { down = SvU64(aTHX_ other); if (!down) - Perl_croak(aTHX_ div_by_0_error); + Perl_croak(aTHX_ "%s", div_by_0_error); RETVAL = self; SvREFCNT_inc(RETVAL); SvU64x(self) /= down; @@ -1625,13 +1625,13 @@ down = SvU64(aTHX_ other); } if (!down) - Perl_croak(aTHX_ div_by_0_error); + Perl_croak(aTHX_ "%s", div_by_0_error); RETVAL = newSVu64(aTHX_ up % down); } else { down = SvU64(aTHX_ other); if (!down) - Perl_croak(aTHX_ div_by_0_error); + Perl_croak(aTHX_ "%s", div_by_0_error); RETVAL = self; SvREFCNT_inc(RETVAL); SvU64x(self) %= down;
  Sat Jun 01 09:04:27 2013 The RT System itself - Status changed from 'new' to 'open'
  Mon Jun 03 09:41:41 2013 salva [...] cpan.org - Correspondence added
I am unable to reproduce that issue. Could you post the details of the operating system and compiler you are using?
  Mon Jun 03 09:57:44 2013 jquelin [...] cpan.org - Correspondence added
On Mon Jun 03 09:41:41 2013, SALVA wrote: Show quoted text
> I am unable to reproduce that issue. > > Could you post the details of the operating system and compiler you > are using?
Mageia Linux. # gcc -v Using built-in specs. COLLECT_GCC=gcc COLLECT_LTO_WRAPPER=/usr/lib/gcc/x86_64-mageia-linux-gnu/4.7.2/lto-wrapper Target: x86_64-mageia-linux-gnu Configured with: ../configure --prefix=/usr --libexecdir=/usr/lib --with-slibdir=/lib64 --with-bugurl=http://bugs.mageia.org/ --mandir=/usr/share/man --infodir=/usr/share/info --enable-checking=release --enable-languages=c,c++,ada,fortran,objc,obj-c++,java --enable-linker-build-id --build=x86_64-mageia-linux-gnu --host=x86_64-mageia-linux-gnu --with-cpu=generic --with-system-zlib --enable-threads=posix --enable-shared --enable-objc-gc --enable-long-long --enable-__cxa_atexit --disable-libunwind-exceptions --enable-clocale=gnu --enable-java-awt=gtk --with-java-home=/usr/lib/jvm/java-1.5.0-gcj-1.5.0.0/jre --with-ecj-jar=/usr/share/java/eclipse-ecj.jar --enable-gtk-cairo --disable-libjava-multilib --enable-ssp --disable-libssp --disable-werror --with-ppl --with-cloog --with-python-dir=/lib/python2.7/site-packages --enable-lto Thread model: posix gcc version 4.7.2 (GCC) The flag making your dist to fail is -Werror=format-security
  Mon Jun 03 14:05:37 2013 salva [...] cpan.org - Correspondence added
I have uploaded version 0.30 to CPAN. Thank you for reporting the bug!
  Mon Jun 03 14:05:37 2013 salva [...] cpan.org - Status changed from 'open' to 'resolved'