FTBFS: gcc9 stringop-truncation and others

Bug #1835831 reported by Andreas Hasenack on 2019-07-08
Affects: Squid. Status: Unknown. Importance: Unknown.
Affects: squid (Ubuntu). Importance: High. Assigned to: Unassigned.

Bug Description

Same error with latest upstream, which is 4.7 at this time:
libtool: compile: x86_64-linux-gnu-gcc -DHAVE_CONFIG_H -DDEFAULT_CONFIG_FILE=\"/etc/squid/squid.conf\" -DDEFAULT_SQUID_DATA_DIR=\"/usr/share/squid\" -DDEFAULT_SQUID_CONFIG_DIR=\"/etc/squid\" -I../.. -I../../include -I../../lib -I../../src -I../../include -isystem /usr/include/mit-krb5 -I../../lib -Wdate-time -D_FORTIFY_SOURCE=2 -I/usr/include/libxml2 -Wall -Wpointer-arith -Wwrite-strings -Wmissing-prototypes -Wmissing-declarations -Wcomments -Wshadow -Werror -pipe -D_REENTRANT -g -O2 -fdebug-prefix-map=/home/ubuntu/git/packages/squid/squid=. -fstack-protector-strong -Wformat -Werror=format-security -Wall -c smbencrypt.c -fPIC -DPIC -o .libs/smbencrypt.o
In file included from /usr/include/string.h:494,
                 from ../../compat/xstring.h:13,
                 from ../../compat/compat_shared.h:225,
                 from ../../compat/compat.h:87,
                 from ../../include/squid.h:43,
                 from smblib-util.c:33:
In function ‘strncpy’,
    inlined from ‘SMB_Negotiate’ at smblib-util.c:404:9:
/usr/include/x86_64-linux-gnu/bits/string_fortified.h:106:10: error: ‘__builtin_strncpy’ output may be truncated copying 79 bytes from a string of length 79 [-Werror=stringop-truncation]
  106 | return __builtin___strncpy_chk (__dest, __src, __len, __bos (__dest));
      | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In function ‘strncpy’,
    inlined from ‘SMB_Negotiate’ at smblib-util.c:427:9:
/usr/include/x86_64-linux-gnu/bits/string_fortified.h:106:10: error: ‘__builtin_strncpy’ output may be truncated copying 79 bytes from a string of length 79 [-Werror=stringop-truncation]
  106 | return __builtin___strncpy_chk (__dest, __src, __len, __bos (__dest));
      | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In function ‘strncpy’,
    inlined from ‘SMB_TreeConnect’ at smblib-util.c:541:5:
/usr/include/x86_64-linux-gnu/bits/string_fortified.h:106:10: error: ‘__builtin_strncpy’ specified bound 129 equals destination size [-Werror=stringop-truncation]
  106 | return __builtin___strncpy_chk (__dest, __src, __len, __bos (__dest));
      | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In function ‘strncpy’,
    inlined from ‘SMB_TreeConnect’ at smblib-util.c:542:5:
/usr/include/x86_64-linux-gnu/bits/string_fortified.h:106:10: error: ‘__builtin_strncpy’ specified bound 20 equals destination size [-Werror=stringop-truncation]
  106 | return __builtin___strncpy_chk (__dest, __src, __len, __bos (__dest));
      | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
libtool: compile: x86_64-linux-gnu-gcc -DHAVE_CONFIG_H -DDEFAULT_CONFIG_FILE=\"/etc/squid/squid.conf\" -DDEFAULT_SQUID_DATA_DIR=\"/usr/share/squid\" -DDEFAULT_SQUID_CONFIG_DIR=\"/etc/squid\" -I../.. -I../../include -I../../lib -I../../src -I../../include -isystem /usr/include/mit-krb5 -I../../lib -Wdate-time -D_FORTIFY_SOURCE=2 -I/usr/include/libxml2 -Wall -Wpointer-arith -Wwrite-strings -Wmissing-prototypes -Wmissing-declarations -Wcomments -Wshadow -Werror -pipe -D_REENTRANT -g -O2 -fdebug-prefix-map=/home/ubuntu/git/packages/squid/squid=. -fstack-protector-strong -Wformat -Werror=format-security -Wall -c smbencrypt.c -o smbencrypt.o >/dev/null 2>&1
cc1: all warnings being treated as errors
make[3]: *** [Makefile:816: smblib-util.lo] Error 1
make[3]: *** Waiting for unfinished jobs....
make[3]: Leaving directory '/home/ubuntu/git/packages/squid/squid/lib/smblib'
make[2]: *** [Makefile:1047: all-recursive] Error 1
make[2]: Leaving directory '/home/ubuntu/git/packages/squid/squid/lib'
make[1]: *** [Makefile:584: all-recursive] Error 1
make[1]: Leaving directory '/home/ubuntu/git/packages/squid/squid'
make: *** [/usr/share/cdbs/1/class/makefile.mk:77: debian/stamp-makefile-build] Error 2
dpkg-buildpackage: error: debian/rules build subprocess returned exit status 2

Andreas Hasenack (ahasenack) wrote :

There are other failures after the ones I pasted. I updated the upstream bug report with them.

summary: - FTBFS: gcc9 stringop-truncation
+ FTBFS: gcc9 stringop-truncation and others

I uploaded a workaround, and the gcc-9 upstream patch
http://launchpadlibrarian.net/433155919/squid_4.6-2ubuntu1_4.6-2ubuntu3.diff.gz
and an export of "-Wno-sizeof-pointer-memaccess -Wno-stringop-truncation" flags.

It shouldn't make things worse, because the bugs are already there, but at least I unblocked something else, while upstream takes care of them.
(I also pinged the person who did the gcc-9 fixes, asking him to help)

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package squid - 4.6-2ubuntu4

---------------
squid (4.6-2ubuntu4) eoan; urgency=medium

  * Fix gcc-9 issues (LP: #1835831)
    - Remove -Wno-sizeof-pointer-memaccess -Wno-stringop-truncation
    - debian/patches/more-gcc-9-fixes.patch: switch to xstrncpy in
      lib/smblib/smblib-util.c.
  * SECURITY UPDATE: incorrect digest auth parameter parsing
    - debian/patches/CVE-2019-12525.patch: check length in
      src/auth/digest/Config.cc.
    - CVE-2019-12525
  * SECURITY UPDATE: buffer overflow in basic auth decoding
    - debian/patches/CVE-2019-12527.patch: switch to SBuf in
      src/HttpHeader.cc, src/HttpHeader.h, src/cache_manager.cc,
      src/clients/FtpGateway.cc.
    - CVE-2019-12527
  * SECURITY UPDATE: basic auth uudecode length issue
    - debian/patches/CVE-2019-12529.patch: replace uudecode with libnettle
      base64 decoder in lib/Makefile.*, src/auth/basic/Config.cc,
      include/uudecode.h, lib/uudecode.c.
    - CVE-2019-12529
  * SECURITY UPDATE: XSS issues in cachemgr.cgi
    - debian/patches/CVE-2019-13345.patch: properly escape values in
      tools/cachemgr.cc.
    - CVE-2019-13345

 -- Marc Deslauriers <email address hidden> Fri, 19 Jul 2019 08:01:58 -0400

Changed in squid (Ubuntu):
status: New → Fix Released
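
The "specified bound 20 equals destination size" diagnostic in the build log and the changelog's move away from strncpy concern the same hazard: strncpy writes no terminator when the source is at least as long as the bound. The following is an added example, not Squid's code or the Ubuntu patch; `bounded_copy` is a hypothetical helper standing in for a copy routine that always terminates, and the sample strings are constructed.

```c
#include <stdio.h>
#include <string.h>

#define DEST_SIZE 20 /* same size as in the "specified bound 20" diagnostic */

/* 1 if a NUL byte exists within buf[0..n-1]; never reads past n. */
static int has_terminator(const char *buf, size_t n)
{
    return memchr(buf, '\0', n) != NULL;
}

/* Flagged pattern: the bound equals the destination size, so a source of
 * DEST_SIZE or more bytes fills the buffer and leaves no terminator. */
int strncpy_terminated(const char *src)
{
    char dst[DEST_SIZE];
    strncpy(dst, src, sizeof(dst));
    return has_terminator(dst, sizeof(dst));
}

/* Hypothetical helper: copy at most n-1 bytes, always terminate.
 * Returns 1 when src did not fit and was cut short, else 0. */
int bounded_copy(char *dst, const char *src, size_t n)
{
    size_t len = strlen(src), copy;
    if (n == 0) return 1; /* no room even for the terminator */
    copy = len < n - 1 ? len : n - 1;
    memcpy(dst, src, copy);
    dst[copy] = '\0';
    return len > copy;
}

/* -1: unterminated, 0: copied whole, 1: terminated but truncated. */
int bounded_copy_status(const char *src)
{
    char dst[DEST_SIZE];
    int truncated = bounded_copy(dst, src, sizeof(dst));
    return has_terminator(dst, sizeof(dst)) ? truncated : -1;
}

int main(void)
{
    const char *fits = "A:";                    /* constructed sample */
    const char *exact = "ABCDEFGHIJKLMNOPQRST"; /* constructed, 20 chars */
    printf("strncpy terminated: %d %d, bounded_copy status: %d %d\n",
           strncpy_terminated(fits), strncpy_terminated(exact),
           bounded_copy_status(fits), bounded_copy_status(exact));
    return 0;
}
```

The truncation return value lets a caller reject an over-long name instead of silently sending a shortened one.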