Zandronum Chat @ irc.zandronum.com
#zandronum Get the latest version: 3.0
Source Code
My View | View Issues | Change Log | Roadmap | Doomseeker Issue Support Ranking | Rules | My Account
  

View Issue Details Jump to Notes ] Issue History ] Print ]
IDProjectCategoryView StatusDate SubmittedLast Update
0003498Doomseeker[All Projects] Securitypublic2018-09-19 13:292019-01-06 06:31
ReporterWubTheCaptain 
Assigned ToWubTheCaptain 
PrioritylowSeveritytweakReproducibilityalways
StatusacknowledgedResolutionopen 
Platformamd64OSOpenBSDOS Version6.4-current
Product Version1.1 
Target VersionFixed in Version 
Summary0003498: GCC compiler warns of unsafe C/C++ string functions used instead of safer alternatives
DescriptionDuring source compile on OpenBSD, the gcc compiler prints warnings about use of unsafe functions and suggests to replace them (irregardless of if their use is safe or unsafe in this scenario).

[ 83%] Linking CXX executable ../../doomseeker
CMakeFiles/doomseeker.dir/scanner.cpp.o: In function `Scanner::scriptMessage(Scanner::MessageLevel, char 
const*, ...) const':
scanner.cpp:(.text+0x3b63): warning: sprintf() is often misused, please use snprintf()
/usr/local/lib/qt5/./libQt5Core.so.2.2: warning: rand_r() is not random, it is deterministic.
CMakeFiles/doomseeker.dir/random.cpp.o: In function `Random::nextUShort(unsigned short)':
random.cpp:(.text+0x14f): warning: rand() may return deterministic values, is that what you want?
/usr/X11R6/lib/libGL.so.17.1: warning: random() may return deterministic values, is that what you want?

/usr/local/lib/libglib-2.0.so.4201.0: warning: stpcpy() is dangerous; do not use it
/usr/local/lib/libglib-2.0.so.4201.0: warning: strcpy() is almost always misused, please use strlcpy()

/usr/local/lib/libglib-2.0.so.4201.0: warning: vsprintf() is often misused, please use vsnprintf()
/usr/local/lib/libglib-2.0.so.4201.0: warning: strcat() is almost always misused, please use strlcat()
Steps To Reproducegcc 4.2.1 on OpenBSD (with gcc-local(1) patches). Something like this:

pkg_add cmake mercurial qt5 # as superuser privileges
mkdir -p $HOME/.local/src/ && cd $HOME/.local/src/
hg clonehttps://bitbucket.org/Doomseeker/doomseeker/ [^]
mkdir -p /tmp/doomseeker && cd /tmp/doomseeker
Qt5Widgets_DIR=/usr/local/lib/qt5/cmake/Qt5Widgets/
Qt5LinguistTools_DIR=/usr/local/lib/qt5/cmake/Qt5LinguistTools/
Qt5Multimedia_DIR=/usr/local/lib/qt5/cmake/Qt5Multimedia
Qt5Xml_DIR=/usr/local/lib/qt5/cmake/Qt5Xml
export Qt5Widgets_DIR Qt5LinguistTools_DIR Qt5Multimedia_DIR Qt5Xml_DIR
export CPATH=$CPATH:/usr/local/include
cmake $HOME/.local/src/doomseeker/
CC=gcc CXX=g++ make -j4
Additional InformationThe following files create warnings in Doomseeker:

  • src/core/scanner.cpp
  • src/core/random.cpp
Attached Files

- Relationships

-  Notes
User avatar (0019575)
WubTheCaptain (developer)
2018-09-19 17:49

 Might've been clang, actually. Anyway...
User avatar (0019607)
WubTheCaptain (developer)
2018-09-22 01:21

 Also tools/updaterevision/updaterevision.c's main function, strcpy().
User avatar (0020267)
Filystea (reporter)
2018-12-17 08:49

 clang is default openbsd compiler.

Glad there are people using my fav sys ;-)

Btw.

This is not that important. The problem is:

You still can only compile servers because of fmod crap.
Most times you will be dealing with malloc.h changing to stdlib.h;-)

I had a rage topic about it once. Did compile for sake of compiling but never used.

openbsd for life <3
User avatar (0020276)
Filystea (reporter)
2018-12-20 17:33

 I belive I was not clear enough. Lock this up. those warnings are just PROPOSITIONS.

Seriusly. I write quite a bit of C and this is silly.
strlxxx is not standard. Ofc strcpy can do damage if programer fucks up but the function is not bad. Even gets is not bad ( yeah - I just said it ).
Those are just crappy clang warnings.

And openbsd did not pick clang because it's somehow *more secure makes more secure code or what ever *.
User avatar (0020282)
Filystea (reporter)
2018-12-25 18:27
edited on: 2018-12-25 18:28

 Actually it kind of bugged me. Is that really clang so I went on #openbsd free-node and seems this is openbsd addon for linker.

Anyway strlcpy is lame to use.
Use strncpy strnlen etc. Just pass buff_size - 1 and have the last byte set to 0/nul. Using 'n' family also fixes the warning. If anyone cares. hue hue ;-)

Issue Community Support
Only registered users can voice their support. Click here to register, or here to log in.
Supporters: No one explicitly supports this issue yet.
Opponents: No one explicitly opposes this issue yet.

- Issue History
Date Modified Username Field Change
2018-09-19 13:29 WubTheCaptain New Issue
2018-09-19 13:29 WubTheCaptain OS => OpenBSD
2018-09-19 13:29 WubTheCaptain OS Version => 6.4-current
2018-09-19 13:29 WubTheCaptain Platform => amd64
2018-09-19 17:49 WubTheCaptain Note Added: 0019575
2018-09-22 01:21 WubTheCaptain Note Added: 0019607
2018-09-29 15:07 WubTheCaptain Severity minor => tweak
2018-10-05 06:44 WubTheCaptain Target Version => 1.2
2018-10-09 14:27 WubTheCaptain Target Version 1.2 =>
2018-12-17 05:21 WubTheCaptain Category Bug => Security
2018-12-17 08:49 Filystea Note Added: 0020267
2018-12-20 17:33 Filystea Note Added: 0020276
2018-12-21 06:54 WubTheCaptain Priority normal => low
2018-12-25 18:27 Filystea Note Added: 0020282
2018-12-25 18:28 Filystea Note Edited: 0020282 View Revisions
2018-12-25 18:28 Filystea Note Edited: 0020282 View Revisions
2019-01-06 06:31 WubTheCaptain Assigned To => WubTheCaptain
2019-01-06 06:31 WubTheCaptain Status new => acknowledged




Questions or other issues? Contact Us.

Links

Copyright © 2000 - 2019 MantisBT Team
Powered by Mantis Bugtracker