Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

CI is broken (yet again) #4297

Closed
kmk3 opened this issue May 23, 2021 · 2 comments
Closed

CI is broken (yet again) #4297

kmk3 opened this issue May 23, 2021 · 2 comments

Comments

@kmk3
Copy link
Collaborator

kmk3 commented May 23, 2021

It looks like it was broken by #4229. Workflow run:

Log excerpt 

gcc-10 -g -O2 -ggdb -W -Wall -Werror -O2 -DVERSION='"0.9.65"'  -DPREFIX='"/usr"' -DSYSCONFDIR='"/etc/firejail"' -DLIBDIR='"/usr/lib"' -DBINDIR='"/usr/bin"'  -DHAVE_OUTPUT -DHAVE_X11 -DHAVE_PRIVATE_HOME -DHAVE_APPARMOR  -DHAVE_USERTMPFS -DHAVE_DBUSPROXY -DHAVE_FIRETUNNEL -DHAVE_GLOBALCFG -DHAVE_CHROOT -DHAVE_NETWORK -DHAVE_USERNS -DHAVE_FILE_TRANSFER -DHAVE_WHITELIST -DHAVE_SELINUX  -fstack-protector-all -D_FORTIFY_SOURCE=2 -fPIE -Wformat -Wformat-security -fstack-clash-protection -fstack-protector-strong -fanalyzer   -c fs_whitelist.c -o fs_whitelist.o
In function ‘tmpfs_topdirs’:
fs_whitelist.c:398:1: error: leak of ‘topdirs’ [CWE-401] [-Werror=analyzer-malloc-leak]
  398 | }
      | ^
  ‘fs_whitelist’: events 1-4
    |
    |  523 | void fs_whitelist(void) {
    |      |      ^~~~~~~~~~~~
    |      |      |
    |      |      (1) entry to ‘fs_whitelist’
    |  524 |  ProfileEntry *entry = cfg.profile;
    |  525 |  if (!entry)
    |      |     ~ 
    |      |     |
    |      |     (2) following ‘false’ branch (when ‘entry’ is non-NULL)...
    |......
    |  528 |  if (asprintf(&runuser, "/run/user/%u", getuid()) == -1)
    |      |  ~~ ~ 
    |      |  |  |
    |      |  |  (4) following ‘false’ branch...
    |      |  (3) ...to here
    |
  ‘fs_whitelist’: event 5
    |
    |../include/common.h:39:164:
    |   39 | #define errExit(msg)    do { char msgout[500]; snprintf(msgout, 500, "Error %s: %s:%d %s", msg, __FILE__, __LINE__, __FUNCTION__); perror(msgout); exit(1);} while (0)
    |      |                                                                                                                                                                    ^
    |      |                                                                                                                                                                    |
    |      |                                                                                                                                                                    (5) ...to here
fs_whitelist.c:529:3: note: in expansion of macro ‘errExit’
    |  529 |   errExit("asprintf");
    |      |   ^~~~~~~
    |
  ‘fs_whitelist’: event 6
    |
    |  536 |  if (nowhitelist == NULL)
    |      |     ^
    |      |     |
    |      |     (6) following ‘false’ branch (when ‘nowhitelist’ is non-NULL)...
    |
  ‘fs_whitelist’: event 7
    |
    |../include/common.h:39:164:
    |   39 | #define errExit(msg)    do { char msgout[500]; snprintf(msgout, 500, "Error %s: %s:%d %s", msg, __FILE__, __LINE__, __FUNCTION__); perror(msgout); exit(1);} while (0)
    |      |                                                                                                                                                                    ^
    |      |                                                                                                                                                                    |
    |      |                                                                                                                                                                    (7) ...to here

Link to the previous issue: #4256

Cc: @glitsj16 @netblue30 @reinerh @rusty-snake @smitsohu (as participants
of #4229/#4256)
@kmk3 kmk3 mentioned this issue May 23, 2021
Closed
@reinerh
Copy link
Collaborator

reinerh commented May 23, 2021

I just checked this error and can confirm that it is a false positive by GCC 10.
When rebuilding the same file (fs_whitelist.c) with GCC 11, it no longer detects a memory leak and builds it successfully.

Unfortunately there are new warnings with GCC 11 (see #4274).

@reinerh reinerh mentioned this issue May 23, 2021
Closed
reinerh added a commit that referenced this issue May 23, 2021
@reinerh
CI: build with GCC 11
c7e7df7 
this fixes a new false positive memory leak (#4297), but unfortunately
opens a few new false positives (#4274).
therefore let it ignore memleak checks for now, until the detection
is a bit more stable in GCC.

Fixes: #4274, #4297
@reinerh reinerh mentioned this issue May 23, 2021
Merged
reinerh added a commit that referenced this issue May 23, 2021
@reinerh
CI: build with GCC 11
e96cdfb 
this fixes a new false positive memory leak (#4297), but unfortunately
opens a few new false positives (#4274).
therefore let it ignore memleak checks for now, until the detection
is a bit more stable in GCC.

Fixes: #4274, #4297
reinerh added a commit that referenced this issue May 23, 2021
@reinerh
CI: build with GCC 11
07b85f3 
this fixes a new false positive memory leak (#4297), but unfortunately
opens a few new false positives (#4274).
therefore let it ignore memleak checks for now, until the detection
is a bit more stable in GCC.

Fixes: #4274, #4297
smitsohu added a commit to smitsohu/firejail that referenced this issue May 23, 2021
@smitsohu
whitelist testing (netblue30#4229, netblue30#4297, netblue30#4300)
45919bf
@reinerh reinerh closed this as completed May 23, 2021
@kmk3
Copy link
Collaborator Author

kmk3 commented May 23, 2021

@reinerh @smitsohu Thanks for the quick fixes!

@matu3ba matu3ba mentioned this issue Oct 7, 2021
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@reinerh @kmk3