Compilation warnings in getpath.c with gcc on Ubuntu / -D_FORTIFY_SOURCE=2 #76556
On Ubuntu 16.04:
$ gcc --version
gcc (Ubuntu 5.4.0-6ubuntu1~16.04.5) 5.4.0 20160609
Copyright (C) 2015 Free Software Foundation, Inc.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
$ make
[...]
In function ‘wcsncpy’,
inlined from ‘calculate_zip_path’ at ./Modules/getpath.c:797:5:
/usr/include/x86_64-linux-gnu/bits/wchar2.h:200:9: warning: call to ‘__wcsncpy_chk_warn’ declared with attribute warning: wcsncpy called with length bigger than size of destination buffer
return __wcsncpy_chk_warn (__dest, __src, __n,
^
In function ‘wcsncpy’,
inlined from ‘calculate_zip_path’ at ./Modules/getpath.c:806:9:
/usr/include/x86_64-linux-gnu/bits/wchar2.h:200:9: warning: call to ‘__wcsncpy_chk_warn’ declared with attribute warning: wcsncpy called with length bigger than size of destination buffer
return __wcsncpy_chk_warn (__dest, __src, __n,
^
In function ‘wcsncpy’,
inlined from ‘calculate_argv0_path’ at ./Modules/getpath.c:683:5:
/usr/include/x86_64-linux-gnu/bits/wchar2.h:200:9: warning: call to ‘__wcsncpy_chk_warn’ declared with attribute warning: wcsncpy called with length bigger than size of destination buffer
return __wcsncpy_chk_warn (__dest, __src, __n,
^
In function ‘wcsncpy’,
inlined from ‘calculate_argv0_path’ at ./Modules/getpath.c:736:13:
/usr/include/x86_64-linux-gnu/bits/wchar2.h:200:9: warning: call to ‘__wcsncpy_chk_warn’ declared with attribute warning: wcsncpy called with length bigger than size of destination buffer
return __wcsncpy_chk_warn (__dest, __src, __n,
^ |
In function ‘wcsncpy’, Line 797:
calculate type is "PyCalculatePath *" which is defined as: typedef struct { Earlier, all bytes are set to 0:
So I don't see how wcsncpy() can overflow. By the way, I'm unable to reproduce the warning on Fedora 27 with GCC 7.2.1. Are you using -D_FORTIFY_SOURCE=1? Are you compiling Python in release mode? Can you try to find the command line compiling getpath.c? |
Here is the command line: gcc -pthread -c -Wno-unused-result -Wsign-compare -g -Og -Wall -Wstrict-prototypes -std=c99 -Wextra -Wno-unused-result -Wno-unused-parameter -Wno-missing-field-initializers -Werror=implicit-function-declaration -I. -I./Include -DPy_BUILD_CORE -DPYTHONPATH='":"' \ |
The same on Ubuntu 17.10 with gcc 7.2.0. |
Ah, I missed the warning because I force -O0 when I build Python. https://wiki.ubuntu.com/ToolChain/CompilerFlags Ubuntu adds the -D_FORTIFY_SOURCE=2 flag by default. The warnings can be seen with "-D_FORTIFY_SOURCE=2 -Og", but not with "-D_FORTIFY_SOURCE=2 -O3". Moreover, "-D_FORTIFY_SOURCE=2 -O0" complains that _FORTIFY_SOURCE requires optimizing the code. It looks more like a false alarm because -D_FORTIFY_SOURCE=2 is incompatible with -Og. Maybe we should force -D_FORTIFY_SOURCE=0 when we build Python in debug mode? |
I don't think so. It's good to have fortify enabled, especially in debug mode :-) If the warnings are harmless and there isn't an easy way to suppress them, then I'm ok to close this issue. |
getpath.c uses many buffers of MAXPATHLEN+1 wide characters. Example:
These buffers are initialized to zero to make sure that the last character is always a NULL character. To keep the final NULL character, string copies use: wcsncpy(dest, src, MAXPATHLEN); This code is wrong: it truncates the string if it's longer than MAXPATHLEN characters. I modified the code to move global buffers closer to where they are used, and to dynamically allocate strings on the heap, rather than using fixed sizes. But I didn't finish the "cleanup" of Modules/getpath.c and PC/getpathp.c. The code still uses buffers of fixed size and truncates strings. The real fix would be to avoid these fixed-size buffers, and only use dynamically allocated strings. I modified the code to allow reporting errors. Previously, it wasn't possible except using Py_FatalError(), which is not a nice way to report errors, especially when Python is embedded in an application. |
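The truncation described in the comment above, next to a copy that reports the error and a heap copy with no fixed limit. This is an added example, not code from getpath.c or from the thread; `DEMO_MAXPATHLEN`, `copy_checked` and `dup_path` are hypothetical names, and the path is a constructed sample.

```c
#include <stdio.h>
#include <stdlib.h>
#include <wchar.h>

/* Assumption: small stand-in for MAXPATHLEN so truncation is easy to see. */
#define DEMO_MAXPATHLEN 8

/* Pattern from the comment: zeroed MAXPATHLEN+1 buffer, copy at most
   MAXPATHLEN characters. Always terminated, but silently truncates. */
static size_t copy_truncating(wchar_t *dest, const wchar_t *src)
{
    wmemset(dest, L'\0', DEMO_MAXPATHLEN + 1);
    wcsncpy(dest, src, DEMO_MAXPATHLEN);
    return wcslen(dest);
}

/* Hypothetical helper: reports an error instead of truncating.
   Returns 0 on success, -1 (dest untouched) when src does not fit. */
static int copy_checked(wchar_t *dest, size_t dest_len, const wchar_t *src)
{
    size_t n = wcslen(src);
    if (n >= dest_len)
        return -1;
    wmemcpy(dest, src, n + 1);   /* n + 1 copies the terminator too */
    return 0;
}

/* Hypothetical helper: heap copy sized to the source, no fixed limit.
   Returns NULL on allocation failure; the caller frees the result. */
static wchar_t *dup_path(const wchar_t *src)
{
    size_t n = wcslen(src) + 1;
    wchar_t *copy = malloc(n * sizeof(wchar_t));
    if (copy != NULL)
        wmemcpy(copy, src, n);
    return copy;
}

int main(void)
{
    const wchar_t *src = L"/usr/lib/python3.zip";  /* constructed sample */
    wchar_t buf[DEMO_MAXPATHLEN + 1];
    printf("truncating kept %zu chars\n", copy_truncating(buf, src));
    printf("checked returned %d\n", copy_checked(buf, DEMO_MAXPATHLEN + 1, src));
    wchar_t *heap = dup_path(src);
    printf("heap copy has %zu chars\n", heap ? wcslen(heap) : 0);
    free(heap);
    return 0;
}
```

With the sample input the truncating copy leaves `/usr/lib` in the buffer, a well-formed path that is not the one requested, which is why silent truncation of paths is worth turning into a reported error.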
See bpo-32030 for my huge refactoring work on the Python initialization code. |
Warnings are emitted when compiling with gcc-5, gcc-6 and gcc-7, but not when compiling with gcc-4.8 or gcc-8. Versions: gcc-4.8 (Ubuntu 4.8.5-4ubuntu8) 4.8.5 |
I just recompiled the master branch of Python twice using these flags:
I got a few warnings, the same that I get without FORTIFY SOURCE. Using -D_FORTIFY_SOURCE=2 -O3, I get one warning, but it's no longer from getpath.c but in socketmodule.c. So I created a new issue: bpo-38282 "socketmodule.c: _FORTIFY_SOURCE=2 warning in AF_ALG case of getsockaddrarg()". I close this issue. It has been fixed in the master branch. |