Open MPI logo

Open MPI Development Mailing List Archives

  |   Home   |   Support   |   FAQ   |   all Development mailing list

Subject: Re: [OMPI devel] Fwd: [Bug 1037231] New: openmpi FTBFS if "-Werror=format-security" flag is used
From: Jeff Squyres (jsquyres) (jsquyres_at_[hidden])
Date: 2013-12-04 13:53:12


Thanks Orion!

FWIW, we've already fixed this post-1.7.3; it'll be in the 1.7.4 release.

The code location for this opal_output() also moved; it's now in btl_usnic_stats.c, if you care.

On Dec 4, 2013, at 12:32 PM, Orion Poplawski <orion_at_[hidden]> wrote:

> The attached patch fixes this issue.
>
>
> -------- Original Message --------
> Subject: [Bug 1037231] New: openmpi FTBFS if "-Werror=format-security" flag is used
> Date: Tue, 03 Dec 2013 03:26:30 +0000
> From: bugzilla_at_[hidden]
> To: orion_at_[hidden]
>
> https://bugzilla.redhat.com/show_bug.cgi?id=1037231
>
> Bug ID: 1037231
> Summary: openmpi FTBFS if "-Werror=format-security" flag is
> used
> Product: Fedora
> Version: rawhide
> Component: openmpi
> Assignee: dledford_at_[hidden]
> Reporter: dkholia_at_[hidden]
> QA Contact: extras-qa_at_[hidden]
> CC: dakingun_at_[hidden], dledford_at_[hidden],
> fenlason_at_[hidden], orion_at_[hidden]
>
>
>
>
> Description of problem
> ----------------------
>
> openmpi fails to build if "-Werror=format-security" flag is used.
>
> ...
>
> btl_usnic_module.c:829:5: error: format not a string literal and no format
> arguments [-Werror=format-security]
>
> ...
>
> We are working on a proposal to enable "-Werror=format-security" for all
> packages. Once this flag is enabled, GCC will refuse to compile code that could
> be vulnerable to a string format security flaw. For more details, please see
> https://fedorahosted.org/fesco/ticket/1185 page.
>
> To understand why it is important to fix this, please see
> https://fedoraproject.org/wiki/Format-Security-FAQ page.
>
> How to fix this
> ---------------
>
> The fix for these errors is quite simple. It's a matter of changing a
> line like,
>
> printf(foo);
>
> to read,
>
> printf("%s", foo);
>
> That's it.
>
> Please fix this issue in rawhide with a patch (which you should submit
> to upstream to merge moving forward). Please do a new build with the
> fix in rawhide. Other releases do not need to be directly fixed, but
> there should be no harm in pushing out this fix/patch with other needed
> changes to those branches.
>
> In the event you don't fix this bug before the next mass rebuild,
> provenpackagers may step in and update your package(s) to fix this
> issue.
>
> How reproducible
> ----------------
>
> Build openmpi-1.7.3-1.fc21.src.rpm with "-Werror=format-security" flag to
> reproduce the problem.
>
> To make this process easier, you can use a modified "redhat-rpm-config" package
> from http://people.fedoraproject.org/~halfie/artifacts/redhat-rpm-config/ URL.
>
> $ sha256sum redhat-rpm-config-9.1.0-56.fc20.*
> faad7594b2080fe76497d0ce50808c905a93dd7b41c1defdde5ca57e3833d3d2
> redhat-rpm-config-9.1.0-56.fc20.noarch.rpm
> 5aa9357174305c7285ffdbc92d7ffe1c07a8a95d5459b930461308f5aad75413
> redhat-rpm-config-9.1.0-56.fc20.src.rpm
>
> --
> You are receiving this mail because:
> You are on the CC list for the bug.
> Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=g1lCzLGyFI&a=cc_unsubscribe
>
>
> <openmpi-format.patch>_______________________________________________
> devel mailing list
> devel_at_[hidden]
> http://www.open-mpi.org/mailman/listinfo.cgi/devel

-- 
Jeff Squyres
jsquyres_at_[hidden]
For corporate legal information go to: http://www.cisco.com/web/about/doing_business/legal/cri/