[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [bug-gnu-libiconv] (no subject)
From: |
Jeffrey Walton |
Subject: |
Re: [bug-gnu-libiconv] (no subject) |
Date: |
Sat, 12 May 2012 16:47:32 -0400 |
Hi Thomas,
This was a quick smoke test on Linux (I'm not at a Windows machine at
the moment). Some of the Linux platform security stuff could be set
later. Windows will warn for similar issues.
./configure CFLAGS="-Wall -Wextra -Wconversion -fPIE -pie
-Wno-unused-parameter -Wformat=2 -Wformat-security
-fstack-protector-all -Wstrict-overflow -Wl,-z,noexecstack
-Wl,-z,relro -Wl,-z,now"
...
Lots of little issues, especially during conversions. "comparison
between signed and unsigned integer" should be fixed. Due to C/C++
promotion rules, -1 is greater than 1.
"conversion to ‘size_t’ from ‘long int’ may change the sign of the
result" (et al) should be tested to verify the conversion can be
performed safely.
If you think all of these are benign, you should write a negative test
case to verify.
In the end, its probably best to clear the issues since some could be
valid warnings/findings. Additionally, its nice to be able to clean
compile. If its fixed once, everyone benefits.
Jeff
libiconv-1.14'
gcc -DHAVE_CONFIG_H -DEXEEXT=\"\" -I. -I.. -I../lib -I../intl
-DDEPENDS_ON_LIBICONV=1 -DDEPENDS_ON_LIBINTL=1 -Wall -Wextra
-Wconversion -fPIE -pie -Wno-unused-parameter -Wformat=2
-Wformat-security -fstack-protector-all -Wstrict-overflow
-Wl,-z,noexecstack -Wl,-z,relro -Wl,-z,now -c allocator.c
gcc -DHAVE_CONFIG_H -DEXEEXT=\"\" -I. -I.. -I../lib -I../intl
-DDEPENDS_ON_LIBICONV=1 -DDEPENDS_ON_LIBINTL=1 -Wall -Wextra
-Wconversion -fPIE -pie -Wno-unused-parameter -Wformat=2
-Wformat-security -fstack-protector-all -Wstrict-overflow
-Wl,-z,noexecstack -Wl,-z,relro -Wl,-z,now -c areadlink.c
gcc -DHAVE_CONFIG_H -DEXEEXT=\"\" -I. -I.. -I../lib -I../intl
-DDEPENDS_ON_LIBICONV=1 -DDEPENDS_ON_LIBINTL=1 -Wall -Wextra
-Wconversion -fPIE -pie -Wno-unused-parameter -Wformat=2
-Wformat-security -fstack-protector-all -Wstrict-overflow
-Wl,-z,noexecstack -Wl,-z,relro -Wl,-z,now -c careadlinkat.c
careadlinkat.c: In function ‘careadlinkat’:
careadlinkat.c:127:7: warning: conversion to ‘size_t’ from ‘ssize_t’
may change the sign of the result [-Wsign-conversion]
gcc -DHAVE_CONFIG_H -DEXEEXT=\"\" -I. -I.. -I../lib -I../intl
-DDEPENDS_ON_LIBICONV=1 -DDEPENDS_ON_LIBINTL=1 -Wall -Wextra
-Wconversion -fPIE -pie -Wno-unused-parameter -Wformat=2
-Wformat-security -fstack-protector-all -Wstrict-overflow
-Wl,-z,noexecstack -Wl,-z,relro -Wl,-z,now -c malloca.c
gcc -DHAVE_CONFIG_H -DEXEEXT=\"\" -I. -I.. -I../lib -I../intl
-DDEPENDS_ON_LIBICONV=1 -DDEPENDS_ON_LIBINTL=1 -Wall -Wextra
-Wconversion -fPIE -pie -Wno-unused-parameter -Wformat=2
-Wformat-security -fstack-protector-all -Wstrict-overflow
-Wl,-z,noexecstack -Wl,-z,relro -Wl,-z,now -c progname.c
gcc -DHAVE_CONFIG_H -DEXEEXT=\"\" -I. -I.. -I../lib -I../intl
-DDEPENDS_ON_LIBICONV=1 -DDEPENDS_ON_LIBINTL=1 -Wall -Wextra
-Wconversion -fPIE -pie -Wno-unused-parameter -Wformat=2
-Wformat-security -fstack-protector-all -Wstrict-overflow
-Wl,-z,noexecstack -Wl,-z,relro -Wl,-z,now -c safe-read.c
safe-read.c: In function ‘safe_read’:
safe-read.c:69:9: warning: conversion to ‘size_t’ from ‘ssize_t’ may
change the sign of the result [-Wsign-conversion]
safe-read.c:75:9: warning: conversion to ‘size_t’ from ‘ssize_t’ may
change the sign of the result [-Wsign-conversion]
gcc -DHAVE_CONFIG_H -DEXEEXT=\"\" -I. -I.. -I../lib -I../intl
-DDEPENDS_ON_LIBICONV=1 -DDEPENDS_ON_LIBINTL=1 -Wall -Wextra
-Wconversion -fPIE -pie -Wno-unused-parameter -Wformat=2
-Wformat-security -fstack-protector-all -Wstrict-overflow
-Wl,-z,noexecstack -Wl,-z,relro -Wl,-z,now -c -o width.o `test -f
'uniwidth/width.c' || echo './'`uniwidth/width.c
uniwidth/width.c: In function ‘uc_width’:
uniwidth/width.c:322:38: warning: conversion to ‘ucs4_t’ from ‘int’
may change the sign of the result [-Wsign-conversion]
gcc -DHAVE_CONFIG_H -DEXEEXT=\"\" -I. -I.. -I../lib -I../intl
-DDEPENDS_ON_LIBICONV=1 -DDEPENDS_ON_LIBINTL=1 -Wall -Wextra
-Wconversion -fPIE -pie -Wno-unused-parameter -Wformat=2
-Wformat-security -fstack-protector-all -Wstrict-overflow
-Wl,-z,noexecstack -Wl,-z,relro -Wl,-z,now -c xmalloc.c
gcc -DHAVE_CONFIG_H -DEXEEXT=\"\" -I. -I.. -I../lib -I../intl
-DDEPENDS_ON_LIBICONV=1 -DDEPENDS_ON_LIBINTL=1 -Wall -Wextra
-Wconversion -fPIE -pie -Wno-unused-parameter -Wformat=2
-Wformat-security -fstack-protector-all -Wstrict-overflow
-Wl,-z,noexecstack -Wl,-z,relro -Wl,-z,now -c xstrdup.c
gcc -DHAVE_CONFIG_H -DEXEEXT=\"\" -I. -I.. -I../lib -I../intl
-DDEPENDS_ON_LIBICONV=1 -DDEPENDS_ON_LIBINTL=1 -Wall -Wextra
-Wconversion -fPIE -pie -Wno-unused-parameter -Wformat=2
-Wformat-security -fstack-protector-all -Wstrict-overflow
-Wl,-z,noexecstack -Wl,-z,relro -Wl,-z,now -c xreadlink.c
rm -f libicrt.a
ar cru libicrt.a allocator.o areadlink.o careadlinkat.o malloca.o
progname.o safe-read.o width.o xmalloc.o xstrdup.o xreadlink.o
ranlib libicrt.a
make[2]: Leaving directory `/home/jeffrey/Desktop/libiconv-1.14/srclib'
make[1]: Leaving directory `/home/jeffrey/Desktop/libiconv-1.14/srclib'
cd src && make all
make[1]: Entering directory `/home/jeffrey/Desktop/libiconv-1.14/src'
gcc -c -I. -I. -I.. -I../include -I./../include -I../srclib
-I./../srclib -I../lib -Wall -Wextra -Wconversion -fPIE -pie
-Wno-unused-parameter -Wformat=2 -Wformat-security
-fstack-protector-all -Wstrict-overflow -Wl,-z,noexecstack
-Wl,-z,relro -Wl,-z,now -DINSTALLDIR=\"/usr/local/bin\"
-DLOCALEDIR=\"/usr/local/share/locale\" ./iconv_no_i18n.c
In file included from ./iconv_no_i18n.c:2:0:
./iconv.c: In function ‘update_line_column’:
./iconv.c:236:7: warning: conversion to ‘unsigned int’ from ‘int’ may
change the sign of the result [-Wsign-conversion]
./iconv.c: In function ‘check_subst_formatstring’:
./iconv.c:300:39: warning: conversion to ‘unsigned int’ from ‘int’ may
change the sign of the result [-Wsign-conversion]
./iconv.c:315:49: warning: conversion to ‘unsigned int’ from ‘int’ may
change the sign of the result [-Wsign-conversion]
./iconv.c: In function ‘subst_mb_to_uc_fallback’:
./iconv.c:443:13: warning: format not a string literal, argument types
not checked [-Wformat-nonliteral]
./iconv.c: In function ‘subst_uc_to_mb_fallback’:
./iconv.c:483:3: warning: format not a string literal, argument types
not checked [-Wformat-nonliteral]
./iconv.c: In function ‘subst_mb_to_wc_fallback’:
./iconv.c:524:13: warning: format not a string literal, argument types
not checked [-Wformat-nonliteral]
./iconv.c: In function ‘subst_wc_to_mb_fallback’:
./iconv.c:565:3: warning: format not a string literal, argument types
not checked [-Wformat-nonliteral]
./iconv.c: In function ‘subst_mb_to_mb_fallback’:
./iconv.c:606:13: warning: format not a string literal, argument types
not checked [-Wformat-nonliteral]
./iconv.c: In function ‘convert’:
./iconv.c:714:37: warning: conversion to ‘size_t’ from ‘long int’ may
change the sign of the result [-Wsign-conversion]
./iconv.c:714:53: warning: comparison between signed and unsigned
integer expressions [-Wsign-compare]
./iconv.c:776:33: warning: conversion to ‘size_t’ from ‘long int’ may
change the sign of the result [-Wsign-conversion]
./iconv.c:776:49: warning: comparison between signed and unsigned
integer expressions [-Wsign-compare]
./iconv.c: In function ‘main’:
./iconv.c:863:3: warning: statement with no effect [-Wunused-value]
/bin/bash ../libtool --mode=link gcc -Wall -Wextra -Wconversion -fPIE
-pie -Wno-unused-parameter -Wformat=2 -Wformat-security
-fstack-protector-all -Wstrict-overflow -Wl,-z,noexecstack
-Wl,-z,relro -Wl,-z,now iconv_no_i18n.o ../srclib/libicrt.a
../lib/libiconv.la -o iconv_no_i18n
libtool: link: gcc -Wall -Wextra -Wconversion -fPIE -pie
-Wno-unused-parameter -Wformat=2 -Wformat-security
-fstack-protector-all -Wstrict-overflow -Wl,-z -Wl,noexecstack -Wl,-z
-Wl,relro -Wl,-z -Wl,now iconv_no_i18n.o -o .libs/iconv_no_i18n
../srclib/libicrt.a ../lib/.libs/libiconv.so
gcc -c -I. -I. -I.. -I../include -I./../include -I../srclib
-I./../srclib -I../lib -Wall -Wextra -Wconversion -fPIE -pie
-Wno-unused-parameter -Wformat=2 -Wformat-security
-fstack-protector-all -Wstrict-overflow -Wl,-z,noexecstack
-Wl,-z,relro -Wl,-z,now -DINSTALLDIR=\"/usr/local/bin\"
-DLOCALEDIR=\"/usr/local/share/locale\" ./iconv.c
./iconv.c: In function ‘update_line_column’:
./iconv.c:236:7: warning: conversion to ‘unsigned int’ from ‘int’ may
change the sign of the result [-Wsign-conversion]
./iconv.c: In function ‘check_subst_formatstring’:
./iconv.c:300:39: warning: conversion to ‘unsigned int’ from ‘int’ may
change the sign of the result [-Wsign-conversion]
./iconv.c:315:49: warning: conversion to ‘unsigned int’ from ‘int’ may
change the sign of the result [-Wsign-conversion]
./iconv.c: In function ‘subst_mb_to_uc_fallback’:
./iconv.c:443:13: warning: format not a string literal, argument types
not checked [-Wformat-nonliteral]
./iconv.c: In function ‘subst_uc_to_mb_fallback’:
./iconv.c:483:3: warning: format not a string literal, argument types
not checked [-Wformat-nonliteral]
./iconv.c: In function ‘subst_mb_to_wc_fallback’:
./iconv.c:524:13: warning: format not a string literal, argument types
not checked [-Wformat-nonliteral]
./iconv.c: In function ‘subst_wc_to_mb_fallback’:
./iconv.c:565:3: warning: format not a string literal, argument types
not checked [-Wformat-nonliteral]
./iconv.c: In function ‘subst_mb_to_mb_fallback’:
./iconv.c:606:13: warning: format not a string literal, argument types
not checked [-Wformat-nonliteral]
./iconv.c: In function ‘convert’:
./iconv.c:714:37: warning: conversion to ‘size_t’ from ‘long int’ may
change the sign of the result [-Wsign-conversion]
./iconv.c:714:53: warning: comparison between signed and unsigned
integer expressions [-Wsign-compare]
./iconv.c:776:33: warning: conversion to ‘size_t’ from ‘long int’ may
change the sign of the result [-Wsign-conversion]
./iconv.c:776:49: warning: comparison between signed and unsigned
integer expressions [-Wsign-compare]
test `ls -ld . | sed -e 's/^d\(.........\).*/\1/'` = rwxrwxrwx || chmod 777 .
make[1]: Leaving directory `/home/jeffrey/Desktop/libiconv-1.14/src'
cd po && make all
make[1]: Entering directory `/home/jeffrey/Desktop/libiconv-1.14/po'
make[1]: Leaving directory `/home/jeffrey/Desktop/libiconv-1.14/po'
cd man && make all
make[1]: Entering directory `/home/jeffrey/Desktop/libiconv-1.14/man'
make[1]: Nothing to be done for `all'.
make[1]: Leaving directory `/home/jeffrey/Desktop/libiconv-1.14/man'
if test -d tests; then cd tests && make all; fi
make[1]: Entering directory `/home/jeffrey/Desktop/libiconv-1.14/tests'
make[1]: Nothing to be done for `all'.
On Sat, May 12, 2012 at 4:03 AM, Thomas Lemm <address@hidden> wrote:
> Jeffrey,
>
> thank you for your answer! I am trying to get my patch approved of and made
> part of the regular libiconv release.
>
> As for the parts that I needed to change in the overall source code (which
> wasn't alot) I can telll you that it doesn't compile free of warnings which
> to me are benign. I'm happy to make the source compile free of warnings if
> that's a requirement to have the patch comitted.
>
> Kind regards
>
> Thomas
>
>
>
> ----- Ursprüngliche Nachricht -----
>
> Von: Jeffrey Walton
>
> Gesendet: 09.05.12 22:15 Uhr
>
> An: Thomas Lemm
>
> Betreff: Re: [bug-gnu-libiconv] (no subject)
>
>
>
> Hi Thomas,
>
> On Wed, May 9, 2012 at 7:40 AM, Thomas Lemm <address@hidden> wrote:
>> Hi,
>>
>> having submitted the "Patch for native Visual Studio 2010 compilation"
>> (see: http://savannah.gnu.org/bugs/?35088 ) I am searching for a developer
>> to approve of and commit the patch.
>>
>> The patch enables compiling iconv with "ms visual studio 2010" and mainly
>> provides visual studio project files. Only minor changes to the core sources
>> have been made (mainly some ifdefs to check which compiler compiles).
>>
>> Please consider to make this patch part of the new release. I'd be happy
>> to hear from you.
> There are varying levels of quality in the software world. For
> example, Linus is more than happy to turn off warnings so he can
> ignore conversion problems [1]; while Microsoft has an SDLC and wants
> a clean compile using /W4 /Wall and integration of platform security
> features such as /GS, /NXCOMPAT, /SafeSEH and /dynamicbase.
>
> I can help you with feedback under Visual Studio and the SDLC, but I
> need to know: which is your poison?
>
> Jeff
>
> [1] http://linux.derkeiler.com/Mailing-Lists/Kernel/2006-11/msg08325.html
>
>