629786 – sys-devel/gcc-4.9.4 - .../work/gcc-4.9.4/libcpp/expr.c:674:18: error: format not a string literal and no format arguments [-Werror=format-security]

Bug 629786 - sys-devel/gcc-4.9.4 - .../work/gcc-4.9.4/libcpp/expr.c:674:18: error: format not a string literal and no format arguments [-Werror=format-security]

Summary: sys-devel/gcc-4.9.4 - .../work/gcc-4.9.4/libcpp/expr.c:674:18: error: format ...

Status:	RESOLVED INVALID

Alias:	None

Product:	Gentoo Linux
Classification:	Unclassified
Component:	Current packages (show other bugs)
Hardware:	AMD64 Linux

Importance:	Normal normal (vote)
Assignee:	Gentoo Linux bug wranglers

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2017-09-03 16:50 UTC by René Rhéaume
Modified:	2017-10-25 12:06 UTC (History)
CC List:	0 users

See Also:
Package list:
Runtime testing required:	---

Attachments
emerge --info (emerge-info.txt,5.95 KB, text/plain) 2017-09-03 16:50 UTC, René Rhéaume	Details
build.log (build.log,564.96 KB, text/plain) 2017-09-03 16:52 UTC, René Rhéaume	Details
gcc-build-logs.tar.bz2 (gcc-build-logs.tar.bz2,138.02 KB, application/x-bzip-compressed-tar) 2017-09-03 16:57 UTC, René Rhéaume	Details
gcc-4.9.4-format-security.patch (gcc-4.9.4-format-security-r1.patch,26.73 KB, patch) 2017-10-01 00:46 UTC, René Rhéaume	Details \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description René Rhéaume 2017-09-03 16:50:03 UTC

I am trying to upgrade my GCC from 4.8.4 which was declared obsolete to 4.9.4 as I started to have compile errors in C++ packages. However, I am unable to use my current compiler to perform the needed update.

Reproducible: Always

Steps to Reproduce:
1. emerge gcc:4.9.4
2.
3.
Actual Results:  
 * ERROR: sys-devel/gcc-4.9.4::gentoo failed (compile phase):
 *   emake failed


Expected Results:  
GCC 4.9.4 installed on its slot

Comment 1 René Rhéaume 2017-09-03 16:50:47 UTC

Created attachment 492144 [details]
emerge --info

Comment 2 René Rhéaume 2017-09-03 16:52:41 UTC

Created attachment 492146 [details]
build.log

Comment 3 René Rhéaume 2017-09-03 16:57:07 UTC

Created attachment 492148 [details]
gcc-build-logs.tar.bz2

/var/tmp/portage/sys-devel/gcc-4.9.4/work/gcc-build-logs.tar.bz2 as requested in the detailed error message

Comment 4 Jeroen Roovers (RETIRED) gentoo-dev

2017-09-19 07:03:26 UTC

 * CFLAGS="-march=athlon64-sse3 -O2 -pipe -fno-strict-overflow -fstack-check -Wformat -Werror=format-security"

Turning warnings into errors (-Werror*) does not make your system more secure.

Comment 5 René Rhéaume 2017-10-01 00:46:25 UTC

Created attachment 497284 [details, diff]
gcc-4.9.4-format-security.patch

Meanwhile, I made a patch to fix those format security problems. Here it is.

Comment 6 Jeroen Roovers (RETIRED) gentoo-dev

2017-10-25 12:06:18 UTC

CFLAGS="-march=athlon64-sse3 -O2 -pipe -fno-strict-overflow -fstack-check -ffunction-sections -fdata-sections -Wformat -Werror=format-security -static-libgcc"

-Werror=format-security is not a security flag - it's a development aid. Just remove it.