Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 621036 - sys-devel/gcc-7.1.0 (and older as well) uses non-portable definition of _FORTIFY_SOURCE
Summary: sys-devel/gcc-7.1.0 (and older as well) uses non-portable definition of _FORT...
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages (show other bugs)
Hardware: All All
: High major with 2 votes (vote)
Assignee: Gentoo Toolchain Maintainers
URL:
Whiteboard:
Keywords: PATCH
Depends on:
Blocks:
 
Reported: 2017-06-06 15:01 UTC by Martin Kletzander
Modified: 2019-11-12 00:11 UTC (History)
11 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments
Working contents of my /etc/portage/patches/sys-devel/gcc/gcc-default-fortification-fix.patch (gcc-default-fortification-fix.patch,1.36 KB, patch)
2017-06-06 15:01 UTC, Martin Kletzander
Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Martin Kletzander 2017-06-06 15:01:57 UTC
Created attachment 475362 [details, diff]
Working contents of my /etc/portage/patches/sys-devel/gcc/gcc-default-fortification-fix.patch

When building any project that uses _FORTIFY_SOURCE to determine something using a preprocessor directive (e.g. anything with gnulib), the build emits warnings similar to this one with gcc-7.1.0-r1:

  ../config.h:2994:48: error: this use of "defined" may not be portable [-Werror=expansion-to-defined]
               || (defined _FORTIFY_SOURCE && 0 < _FORTIFY_SOURCE \

According to the gcc documentation macros should not use 'defined' in them due to portability reasons:

  -Wexpansion-to-defined

  Warn whenever ‘defined’ is encountered in the expansion of a macro (including the case where the macro is expanded by an ‘#if’ directive). Such usage is not portable. This warning is also enabled by -Wpedantic and -Wextra.

The warning was added in gcc-7, but the definition is used in Gentoo even before gcc-5 (gcc-4.9.4 is the last one I've seen, but I didn't go any farther).  And so any build on my machine fails when I'm building any project with -Werror.  This is caused by Gentoo patch 10_all_default-fortify-source.patch  I currently have a workaround for it in a sense of a user patch applied on top of the Gentoo's mentioned one.  This patch is attached in this bug report.  Feel free to use it or guide me as to where to send a patch for the Gentoo patches if you want me to follow up on this work.
Comment 1 Steven Green 2017-07-21 16:10:54 UTC
This is also causing compiler warnings in other packages including dev-db/mongodb which has to be built with the --disable-warnings-as-errors flag to circumvent it.

See https://jira.mongodb.org/browse/SERVER-29982

I submitted a pull request to mongodb that fixed it, but it has been rejected as they blame the tool chain for the various linux distros that add this non standard behaviour.  See https://github.com/mongodb/mongo/pull/1164
Comment 2 Martin Kletzander 2017-07-22 06:58:48 UTC
(In reply to Steven Green from comment #1)
> This is also causing compiler warnings in other packages including
> dev-db/mongodb which has to be built with the --disable-warnings-as-errors
> flag to circumvent it.
> 
> See https://jira.mongodb.org/browse/SERVER-29982
> 
> I submitted a pull request to mongodb that fixed it, but it has been
> rejected as they blame the tool chain for the various linux distros that add
> this non standard behaviour.  See https://github.com/mongodb/mongo/pull/1164

Yes, exactly.  That's how I got to finding the root cause, after gnulib developers  told me it's GCC's problem.  I must say the workaround in attachment (or, if you prefer inline):

  # wget -O /etc/portage/patches/sys-devel/gcc/gcc-default-fortification-fix.patch https://bugs.gentoo.org/attachment.cgi?id=475362
  # emerge -1 gcc

works for me pretty well since the time of the submission (more than a month).
Comment 3 Steven Green 2017-07-22 23:32:42 UTC
The problem with MongoDB appears to be a different problem. I still get the same warning with the patch.

If you run gcc with a command line something like:
  gcc -Werror -O2 -D_FORTIFY_SOURCE=2 ...

Then when it processes -D_FORTIFY_SOURCE=2 it generates a warning:
  error: "_FORTIFY_SOURCE" redefined [-Werror]

And because of -Werror an error is generated and the rest of the build fails. Even without Werror it makes your build log messy with a warning for each source file.

Looking at the gcc source code, cpp_define() generates a warning if a macro is already defined subject to the logic in libcpp/macro.c:warn_of_redefinition() and I can't see any easy way to get around it without some serious gcc modifications.

There don't seem to be any other macros that work like this... most predefined macros are there to let the source code know about the compiler environment and not designed to be overwritten.
Comment 4 Martin Kletzander 2017-07-23 14:42:24 UTC
(In reply to Steven Green from comment #3)
Well, I guess it also depends on what was the original intention behind the gentoo's gcc patch.

Of course _FORTIFY_SOURCE can be defined only if it was not defined before.  And it can be done in the gcc code.  But I feel like this one should be handled by MongoDB's build process.  Either defined it only if it was not before (which is easy to check) or forcefully redefine it.
Comment 5 Matthias Maier gentoo-dev 2017-07-23 14:52:06 UTC
All, thanks for the bug report.

I will update the Gentoo patchset for current compilers (while doing the gcc-6.4.0 bump) sometime this week.

For the additional redefinition error in MongoDB I suggest to open a separate bug report (on bgo and upstream as well).
Comment 6 Martin Kletzander 2018-05-09 12:20:50 UTC
Any update on this?  I would send a patch for the patchset, but I can't find where the repository for that resides.  If you point me the right way, I'll send a patch for that.
Comment 7 Sergei Trofimovich (RETIRED) gentoo-dev 2018-05-09 18:49:22 UTC
(In reply to Martin Kletzander from comment #6)
> Any update on this?  I would send a patch for the patchset, but I can't find
> where the repository for that resides.  If you point me the right way, I'll
> send a patch for that.

It's managed as a CVS tree here: https://sources.gentoo.org/cgi-bin/viewvc.cgi/gentoo/src/patchsets/gcc/

For example here is most recent fortify source patch: https://sources.gentoo.org/cgi-bin/viewvc.cgi/gentoo/src/patchsets/gcc/8.1.0/gentoo/10_all_default-fortify-source.patch?revision=1.1&view=markup

You'll need to craft a patch against unmodified gcc tree so this patch could be changed.
Comment 8 Martin Kletzander 2018-05-10 09:04:00 UTC
(In reply to Sergei Trofimovich from comment #7)
> (In reply to Martin Kletzander from comment #6)
> > Any update on this?  I would send a patch for the patchset, but I can't find
> > where the repository for that resides.  If you point me the right way, I'll
> > send a patch for that.
> 
> It's managed as a CVS tree here:
> https://sources.gentoo.org/cgi-bin/viewvc.cgi/gentoo/src/patchsets/gcc/
> 
> For example here is most recent fortify source patch:
> https://sources.gentoo.org/cgi-bin/viewvc.cgi/gentoo/src/patchsets/gcc/8.1.0/
> gentoo/10_all_default-fortify-source.patch?revision=1.1&view=markup
> 
> You'll need to craft a patch against unmodified gcc tree so this patch could
> be changed.

Thanks a lot, I'll see what I remember about CVS.  Where would one send the patch for that repository?  Is gentoo-dev fine, should I use different ML or just attach it into this BZ?  My guess is that it's not the last one, because that doesn't support proper review mechanism.
Comment 9 Martin Kletzander 2018-05-10 09:06:47 UTC
Also one small follow-up question.  Is there a way how to test it locally?  I don't see a way how to change where the ebuild is pulling the patchset from.
Comment 10 Sergei Trofimovich (RETIRED) gentoo-dev 2018-05-10 19:24:08 UTC
(In reply to Martin Kletzander from comment #8)
> > You'll need to craft a patch against unmodified gcc tree so this patch could
> > be changed.
> 
> Where would one send the
> patch for that repository?  Is gentoo-dev fine, should I use different ML or
> just attach it into this BZ?  My guess is that it's not the last one,
> because that doesn't support proper review mechanism.

I suggest attaching fix here. There is no easy way to propose a fix for CVS repo.
Luckily we just store standalone files there.

You can also send a patch for review to toolchain@ to get more attention.

WRT review aspect of this particular path my thoughts are:

1. I am a bit worried about this patch in general:
  gcc did not handle _FORTIFY_SOURCE at all before Gentoo made this change:
    https://github.com/gcc-mirror/gcc/search?utf8=%E2%9C%93&q=_FORTIFY_SOURCE&type=
  Note how the only use is in libssp library (a stub stack checker that is normally provided by libc, gentoo does not use libssp on linux).
  This means various things:
  - no matter what we do there will be code that manages to fail in presence of _FORTIFY_SOURCE coming from compiler
  - CC=clang builds will not set _FORTIFY_SOURCE

  Thus I would suggest going for whatever is simplest and works most of the time.

2. If you still think compiler is the right place to put this define and would still like more reviews I suggest sending a similar patch directly to gcc upstream. The idea would be to add a configure option --enable-default-fortify-source=<number> (similar to --enable-default-pie) which would set this define. That way other distributions could elect to use this flag and share the pain of rare breakages like that.
And you would get more reviews from interested parties.

But these are just my suggestions.

(In reply to Martin Kletzander from comment #9)
> Also one small follow-up question.  Is there a way how to test it locally? 
> I don't see a way how to change where the ebuild is pulling the patchset
> from.

I suggest placing your path to /etc/portage/patches/sys-devel/gcc and excluding existing patch from patchset by using EPATCH_USER_EXCLUDE:
    # EPATCH_USER_EXCLUDE=10_all_default-fortify-source.patch emerge -v1 sys-devel/gcc

You should see a message like
 * Applying Gentoo patches ...
 *   Skipping 10_all_default-fortify-source.patch due to EPATCH_USER_EXCLUDE ...
...
 * Applying user patches from /etc/portage/patches/sys-devel/gcc ...
<your-patch>
Comment 11 Larry the Git Cow gentoo-dev 2018-11-22 23:55:46 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/proj/gcc-patches.git/commit/?id=86549c2ffccd36fbf393a3574167278a412a4d6d

commit 86549c2ffccd36fbf393a3574167278a412a4d6d
Author:     Sergei Trofimovich <slyfox@gentoo.org>
AuthorDate: 2018-11-22 23:52:23 +0000
Commit:     Sergei Trofimovich <slyfox@gentoo.org>
CommitDate: 2018-11-22 23:52:23 +0000

    8.2.0: pull 10_all_default-fortify-source.patch from Debian, bug #621036
    
    glibc and other packages expect _FORTIFY_SOURCE define to be a number.
    Before the patch _FORTIFY_SOURCE was
        ((defined __OPTIMIZE__ && __OPTIMIZE__ > 0) ? 2 : 0)
    After the patch it's
        2
    (or not set if build is unoptimised).
    
    Reported-by: Martin Kletzander
    Bug: https://bugs.gentoo.org/621036
    Signed-off-by: Sergei Trofimovich <slyfox@gentoo.org>

 8.2.0/gentoo/10_all_default-fortify-source.patch | 17 ++++++++++++-----
 8.2.0/gentoo/README.history                      |  3 +++
 2 files changed, 15 insertions(+), 5 deletions(-)
Comment 12 Sergei Trofimovich (RETIRED) gentoo-dev 2018-11-22 23:56:43 UTC
Let's try Debian's patch first and see how it goes on 8.2.0.

I didn't cut new patchset yet.
Comment 13 Larry the Git Cow gentoo-dev 2018-12-01 13:06:40 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/proj/gcc-patches.git/commit/?id=7c98079352f8d8a7f81260efbdac695688a0f9fa

commit 7c98079352f8d8a7f81260efbdac695688a0f9fa
Author:     Sergei Trofimovich <slyfox@gentoo.org>
AuthorDate: 2018-12-01 13:05:16 +0000
Commit:     Sergei Trofimovich <slyfox@gentoo.org>
CommitDate: 2018-12-01 13:05:16 +0000

    8.2.0: cut 1.6 patchset
    
    Single patch update:
    U 10_all_default-fortify-source.patch: simplify _FORTIFY_SOURCE default.
    
    Bug: https://bugs.gentoo.org/621036
    Signed-off-by: Sergei Trofimovich <slyfox@gentoo.org>

 8.2.0/gentoo/README.history | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
Comment 14 Larry the Git Cow gentoo-dev 2018-12-01 14:51:21 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a31bfabde628a467337b1e1f18832f795074dc21

commit a31bfabde628a467337b1e1f18832f795074dc21
Author:     Sergei Trofimovich <slyfox@gentoo.org>
AuthorDate: 2018-12-01 13:10:24 +0000
Commit:     Sergei Trofimovich <slyfox@gentoo.org>
CommitDate: 2018-12-01 14:50:41 +0000

    sys-devel/gcc: 8.2.0: cut 1.6 patchset
    
    Single patch update:
    U 10_all_default-fortify-source.patch: simplify _FORTIFY_SOURCE default.
    
    Reported-by: Martin Kletzander
    Bug: https://bugs.gentoo.org/621036
    Package-Manager: Portage-2.3.52, Repoman-2.3.12
    Signed-off-by: Sergei Trofimovich <slyfox@gentoo.org>

 sys-devel/gcc/Manifest            |  1 +
 sys-devel/gcc/gcc-8.2.0-r5.ebuild | 20 ++++++++++++++++++++
 2 files changed, 21 insertions(+)
Comment 15 Sergei Trofimovich (RETIRED) gentoo-dev 2018-12-01 14:55:17 UTC
Please test gcc-8.2.0-r5. If it goes file I'll pull the change to older gcc versions.
Comment 16 Larry the Git Cow gentoo-dev 2018-12-07 22:53:43 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/proj/gcc-patches.git/commit/?id=0402657947045ebe81a9806e8dfdeaf69591e6a0

commit 0402657947045ebe81a9806e8dfdeaf69591e6a0
Author:     Sergei Trofimovich <slyfox@gentoo.org>
AuthorDate: 2018-12-07 22:53:01 +0000
Commit:     Sergei Trofimovich <slyfox@gentoo.org>
CommitDate: 2018-12-07 22:53:01 +0000

    7.4.0: pull 10_all_default-fortify-source.patch from Debian, bug #621036
    
    Reported-by: Martin Kletzander
    Bug: https://bugs.gentoo.org/621036
    Signed-off-by: Sergei Trofimovich <slyfox@gentoo.org>

 7.4.0/gentoo/01_all_default-fortify-source.patch | 17 ++++++++++++-----
 7.4.0/gentoo/README.history                      |  5 ++++-
 2 files changed, 16 insertions(+), 6 deletions(-)
Comment 17 Larry the Git Cow gentoo-dev 2018-12-09 11:22:42 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=15c9a8f7667e84e3861622fea4ca82dae10a9fdf

commit 15c9a8f7667e84e3861622fea4ca82dae10a9fdf
Author:     Sergei Trofimovich <slyfox@gentoo.org>
AuthorDate: 2018-12-09 11:22:16 +0000
Commit:     Sergei Trofimovich <slyfox@gentoo.org>
CommitDate: 2018-12-09 11:22:16 +0000

    sys-devel/gcc: bump up to 7.4.0, 1.1 patchset
    
    Compared to 7.3.0 patchset base single patch update:
    01_all_default-fortify-source.patch:
      simplify _FORTIFY_SOURCE macro definition
    
    Bug: https://bugs.gentoo.org/621036
    Package-Manager: Portage-2.3.52, Repoman-2.3.12
    Signed-off-by: Sergei Trofimovich <slyfox@gentoo.org>

 sys-devel/gcc/Manifest         |  2 ++
 sys-devel/gcc/gcc-7.4.0.ebuild | 23 +++++++++++++++++++++++
 2 files changed, 25 insertions(+)
Comment 18 Martin Kletzander 2018-12-13 13:25:10 UTC
Looks like it works, thanks.  Should I mark it as resolved or leave it up to you?
Comment 19 Sergei Trofimovich (RETIRED) gentoo-dev 2018-12-13 19:49:14 UTC
Thanks for the test! I'd like to keep it open to backport the change to older gcc versions.
Comment 20 Tomáš Mózes 2019-02-07 11:37:50 UTC
Just tested mongodb-4.0.5 with gcc-8.2.0-r6 and these messages are gone now:
<command-line>:0:0: warning: "_FORTIFY_SOURCE" redefined
<built-in>: note: this is the location of the previous definition
Comment 21 Larry the Git Cow gentoo-dev 2019-02-09 16:38:46 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d397de260edea710cd2452005473a440cbb79699

commit d397de260edea710cd2452005473a440cbb79699
Author:     Sergei Trofimovich <slyfox@gentoo.org>
AuthorDate: 2019-02-09 12:16:36 +0000
Commit:     Sergei Trofimovich <slyfox@gentoo.org>
CommitDate: 2019-02-09 16:38:28 +0000

    sys-devel/gcc: cut 1.2 patchset for 7.4.0
    
    One new patch and one update:
    U 01_all_default-fortify-source.patch: make _FORTIFY_SOURCE portable
    + 21_all_kr-decl-PR88214.patch: fix SIGSEVs on net-analyzer/netcat
    
    Reported-by: ernsteiswuerfel
    Closes: https://bugs.gentoo.org/672032
    Reported-and-tested-by:  Martin Kletzander
    Tested-by: Tomáš Mózes
    Bug: https://bugs.gentoo.org/621036
    Package-Manager: Portage-2.3.59, Repoman-2.3.12
    Signed-off-by: Sergei Trofimovich <slyfox@gentoo.org>

 sys-devel/gcc/Manifest            |  1 +
 sys-devel/gcc/gcc-7.4.0-r1.ebuild | 19 +++++++++++++++++++
 2 files changed, 20 insertions(+)
Comment 22 Sergei Trofimovich (RETIRED) gentoo-dev 2019-11-12 00:11:52 UTC
gcc-7.4.0 is stable everywhere. Let's call it done.