[clamav-users] ClamAV® blog: ClamAV 0.103.0 released!
Orion Poplawski
orion at nwra.com
Fri Sep 18 04:28:27 UTC 2020
On 9/15/20 12:22 PM, Arjen de Korte via clamav-users wrote:
> ClamAV 0.103.0 builds (and runs) fine most of the time, but I do see
> (infrequent) failing checks on the build servers for openSUSE. This
> could be a race condition in the tests and might depend on the number of
> cores or CPU of the buildserver it runs on.
>
> One thing that does concern me slightly is the number of -Wformat
> warnings in the tests, for example
>
> [ 166s] In file included from check_clamav.c:11:
> [ 166s] check_clamav.c: In function 'diff_file_mem':
> [ 166s] check_clamav.c:1267:26: warning: format '%d' expects argument of type 'int', but argument 5 has type 'size_t' {aka 'long unsigned int'} [-Wformat=]
> [ 166s] 1267 | ck_assert_msg(!!buf, "unable to malloc buffer: %d", len);
> [ 166s] | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~
> [ 166s] | |
> [ 166s] | size_t {aka long unsigned int}
> [ 166s] check_clamav.c:1267:53: note: format string is defined here
> [ 166s] 1267 | ck_assert_msg(!!buf, "unable to malloc buffer: %d", len);
> [ 166s] | ~^
> [ 166s] | |
> [ 166s] | int
> [ 166s] | %ld
>
> There are many more which could potentially be an issue.
The Fedora build fails because we build with -Werror=format-security:
gcc -DHAVE_CONFIG_H -I. -I.. -I../libclammspack -I.. -I../libclamav
-I../libclamav -I../libclamunrar_iface -pthread -I/usr/include/json-c
-DSRCDIR=\"/home/orion/fedora/clamav/clamav-0.103.0/unit_tests\"
-DOBJDIR=\"/home/orion/fedora/clamav/clamav-0.103.0/unit_tests\"
-I/usr/include/libprelude -I/usr/include/libxml2 -O2 -flto=auto
-ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall
-Werror=format-security -Wp,-D_FORTIFY_SOURCE=2
-Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1
-fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1
-m64 -mtune=generic -fasynchronous-unwind-tables
-fstack-clash-protection -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE
-D_FILE_OFFSET_BITS=64 -c -o check_clamav-check_jsnorm.o `test -f
'check_jsnorm.c' || echo './'`check_jsnorm.c
In file included from check_jsnorm.c:32:
check_jsnorm.c: In function 'tokenizer_test':
check_jsnorm.c:250:57: error: format not a string literal and no format arguments [-Werror=format-security]
250 | ck_assert_msg("failed to open output file: %s", filename);
| ^~~~~~~~
In this case it appears that the ck_assert_msg() call is missing the
condition check. I've filed
https://github.com/Cisco-Talos/clamav-devel/pull/138 with what I think
is the proper fix.
Orion
--
Orion Poplawski
Manager of NWRA Technical Systems 720-772-5637
NWRA, Boulder/CoRA Office FAX: 303-415-9702
3380 Mitchell Lane orion at nwra.com
Boulder, CO 80301 https://www.nwra.com/
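
The two diagnostics in this thread, reproduced as an added example that is not code from ClamAV or from the message above. ASSERT_MSG and record_failure are hypothetical stand-ins modelled on the argument shape of ck_assert_msg(expr, fmt, ...), and the file name is a constructed sample.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

char last_msg[256];          /* text recorded by the most recent failure */

/* Hypothetical stand-in for the framework's failure path. The format
 * attribute is what lets gcc check the format string at each call site. */
__attribute__((format(printf, 1, 2)))
static int record_failure(const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    vsnprintf(last_msg, sizeof last_msg, fmt, ap);
    va_end(ap);
    return 1;                /* 1 = assertion failed */
}

/* Same argument shape as ck_assert_msg(expr, fmt, ...); 0 = passed. */
#define ASSERT_MSG(expr, ...) ((expr) ? 0 : record_failure(__VA_ARGS__))

/* "Before": with the condition missing, the string literal is the condition
 * (always true) and filename is the format string. */
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wformat-security" /* only so this compiles */
int check_open_before(const FILE *f, const char *filename)
{
    (void)f;                 /* the fopen() result is never tested */
    return ASSERT_MSG("failed to open output file: %s", filename);
}
#pragma GCC diagnostic pop

/* "After": test the handle and keep the format a literal. */
int check_open_after(const FILE *f, const char *filename)
{
    return ASSERT_MSG(f != NULL, "failed to open output file: %s", filename);
}

/* The -Wformat case from the quoted log: size_t is printed with %zu. */
int check_alloc(const void *buf, size_t len)
{
    return ASSERT_MSG(buf != NULL, "unable to malloc buffer: %zu", len);
}

int main(void)
{
    printf("%d %d\n", check_open_before(NULL, "x"), check_open_after(NULL, "x"));
    return 0;
}
```

The "before" form reports success even when the handle is NULL, so a failed open would go unnoticed by the test; -Werror=format-security turns that silent no-op into a build failure.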