ID | Project | Category | View Status | Date Submitted | Last Update | ||||||||
0003498 | Doomseeker | [All Projects] Security | public | 2018-09-19 13:29 | 2019-01-06 06:31 | ||||||||
Reporter | WubTheCaptain | ||||||||||||
Assigned To | WubTheCaptain | ||||||||||||
Priority | low | Severity | tweak | Reproducibility | always | ||||||||
Status | acknowledged | Resolution | open | ||||||||||
Platform | amd64 | OS | OpenBSD | OS Version | 6.4-current | ||||||||
Product Version | 1.1 | ||||||||||||
Target Version | Fixed in Version | ||||||||||||
Summary | 0003498: GCC compiler warns of unsafe C/C++ string functions used instead of safer alternatives | ||||||||||||
Description | During source compile on OpenBSD, the gcc compiler prints warnings about use of unsafe functions and suggests replacing them (regardless of whether their use is safe or unsafe in this scenario).

```
[ 83%] Linking CXX executable ../../doomseeker
CMakeFiles/doomseeker.dir/scanner.cpp.o: In function `Scanner::scriptMessage(Scanner::MessageLevel, char const*, ...) const':
scanner.cpp:(.text+0x3b63): warning: sprintf() is often misused, please use snprintf()
/usr/local/lib/qt5/./libQt5Core.so.2.2: warning: rand_r() is not random, it is deterministic.
CMakeFiles/doomseeker.dir/random.cpp.o: In function `Random::nextUShort(unsigned short)':
random.cpp:(.text+0x14f): warning: rand() may return deterministic values, is that what you want?
/usr/X11R6/lib/libGL.so.17.1: warning: random() may return deterministic values, is that what you want?
/usr/local/lib/libglib-2.0.so.4201.0: warning: stpcpy() is dangerous; do not use it
/usr/local/lib/libglib-2.0.so.4201.0: warning: strcpy() is almost always misused, please use strlcpy()
/usr/local/lib/libglib-2.0.so.4201.0: warning: vsprintf() is often misused, please use vsnprintf()
/usr/local/lib/libglib-2.0.so.4201.0: warning: strcat() is almost always misused, please use strlcat()
```
| ||||||||||||
Steps To Reproduce | gcc 4.2.1 on OpenBSD (with gcc-local(1) patches). Something like this:

```
pkg_add cmake mercurial qt5 # as superuser privileges
mkdir -p $HOME/.local/src/ && cd $HOME/.local/src/
hg clone https://bitbucket.org/Doomseeker/doomseeker/
mkdir -p /tmp/doomseeker && cd /tmp/doomseeker
Qt5Widgets_DIR=/usr/local/lib/qt5/cmake/Qt5Widgets/
Qt5LinguistTools_DIR=/usr/local/lib/qt5/cmake/Qt5LinguistTools/
Qt5Multimedia_DIR=/usr/local/lib/qt5/cmake/Qt5Multimedia
Qt5Xml_DIR=/usr/local/lib/qt5/cmake/Qt5Xml
export Qt5Widgets_DIR Qt5LinguistTools_DIR Qt5Multimedia_DIR Qt5Xml_DIR
export CPATH=$CPATH:/usr/local/include
cmake $HOME/.local/src/doomseeker/
CC=gcc CXX=g++ make -j4
```
| ||||||||||||
Additional Information | The following files create warnings in Doomseeker:
| ||||||||||||
Attached Files | |||||||||||||
WubTheCaptain (developer) 2018-09-19 17:49 |
Might've been clang, actually. Anyway... |
WubTheCaptain (developer) 2018-09-22 01:21 |
Also tools/updaterevision/updaterevision.c's main function, strcpy(). |
Filystea (reporter) 2018-12-17 08:49 |
clang is default openbsd compiler. Glad there are people using my fav sys ;-) Btw. This is not that important. The problem is: You still can only compile servers because of fmod crap. Most times you will be dealing with malloc.h changing to stdlib.h;-) I had a rage topic about it once. Did compile for sake of compiling but never used. openbsd for life <3 |
Filystea (reporter) 2018-12-20 17:33 |
I believe I was not clear enough. Lock this up. Those warnings are just PROPOSITIONS. Seriously. I write quite a bit of C and this is silly. strlxxx is not standard. Ofc strcpy can do damage if programmer fucks up but the function is not bad. Even gets is not bad ( yeah - I just said it ). Those are just crappy clang warnings. And openbsd did not pick clang because it's somehow *more secure makes more secure code or whatever *. |
Filystea (reporter) 2018-12-25 18:27 edited on: 2018-12-25 18:28 |
Actually it kind of bugged me: is that really clang? So I went on #openbsd on freenode and it seems this is an openbsd addon for the linker. Anyway strlcpy is lame to use. Use strncpy, strnlen etc. Just pass buff_size - 1 and have the last byte set to 0/nul. Using the 'n' family also fixes the warning. If anyone cares. hue hue ;-) |
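
As an added illustration (not part of the thread and not Doomseeker code): the bounded `strncpy` pattern from the last note, and a `vsnprintf`-based formatter of the kind the linker warning points to for `sprintf`/`vsprintf`, each with an explicit truncation check. The helper names `copy_bounded` and `format_message` and the sample inputs are hypothetical.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper, not Doomseeker code: the strncpy pattern from the
 * note above. Returns 0 if src fit, -1 if it was truncated. */
int copy_bounded(char *dst, size_t dst_size, const char *src)
{
    if (dst_size == 0)
        return -1;
    strncpy(dst, src, dst_size - 1); /* writes at most dst_size - 1 bytes */
    dst[dst_size - 1] = '\0';        /* strncpy adds no NUL when src is too long */
    return strlen(src) < dst_size ? 0 : -1;
}

/* Hypothetical variadic formatter using vsnprintf in place of
 * sprintf/vsprintf. Returns 0 if the whole message fit, -1 on truncation
 * or an encoding error. */
int format_message(char *dst, size_t dst_size, const char *fmt, ...)
{
    va_list ap;
    int n;

    va_start(ap, fmt);
    n = vsnprintf(dst, dst_size, fmt, ap); /* NUL-terminates when dst_size > 0 */
    va_end(ap);
    return (n >= 0 && (size_t)n < dst_size) ? 0 : -1;
}

int main(void)
{
    char name[8], msg[16];
    int rc;

    /* Constructed sample inputs: one that fits, one that does not. */
    rc = copy_bounded(name, sizeof name, "doom");
    printf("%d \"%s\"\n", rc, name);
    rc = copy_bounded(name, sizeof name, "doomseeker");
    printf("%d \"%s\"\n", rc, name);

    rc = format_message(msg, sizeof msg, "%s:%d: %s", "a.cfg", 3, "bad");
    printf("%d \"%s\"\n", rc, msg);
    rc = format_message(msg, sizeof msg, "%s:%d: %s", "scanner.cpp", 120,
                        "unexpected token");
    printf("%d \"%s\"\n", rc, msg);
    return 0;
}
```

Both helpers always leave the destination NUL-terminated; the return value is what tells the caller that data was cut off, which `strncpy` alone does not report.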
Date Modified | Username | Field | Change |
2018-09-19 13:29 | WubTheCaptain | New Issue | |
2018-09-19 13:29 | WubTheCaptain | OS | => OpenBSD |
2018-09-19 13:29 | WubTheCaptain | OS Version | => 6.4-current |
2018-09-19 13:29 | WubTheCaptain | Platform | => amd64 |
2018-09-19 17:49 | WubTheCaptain | Note Added: 0019575 | |
2018-09-22 01:21 | WubTheCaptain | Note Added: 0019607 | |
2018-09-29 15:07 | WubTheCaptain | Severity | minor => tweak |
2018-10-05 06:44 | WubTheCaptain | Target Version | => 1.2 |
2018-10-09 14:27 | WubTheCaptain | Target Version | 1.2 => |
2018-12-17 05:21 | WubTheCaptain | Category | Bug => Security |
2018-12-17 08:49 | Filystea | Note Added: 0020267 | |
2018-12-20 17:33 | Filystea | Note Added: 0020276 | |
2018-12-21 06:54 | WubTheCaptain | Priority | normal => low |
2018-12-25 18:27 | Filystea | Note Added: 0020282 | |
2018-12-25 18:28 | Filystea | Note Edited: 0020282 | View Revisions |
2018-12-25 18:28 | Filystea | Note Edited: 0020282 | View Revisions |
2019-01-06 06:31 | WubTheCaptain | Assigned To | => WubTheCaptain |
2019-01-06 06:31 | WubTheCaptain | Status | new => acknowledged |