On the following testcase: int main() { char message[10] = ""; __builtin_printf(message); return 0; } we warn (or error) e.g. with: -Wformat -Wformat-security -Wformat -Werror=format-security -Wall -Wformat-security -Wall -Werror=format-security -Wformat -Wformat-security -Wformat -Wall -Wformat-security -Wformat -Wformat -Wformat-security -Wall -Wall -Wformat-security -Wall -Wformat -Wformat-security -Werror=format-security -Wformat -Wall -Wformat-security -Werror=format-security -Wformat -Wformat -Wformat-security -Werror=format-security -Wall -Wall -Wformat-security -Werror=format-security -Wall but not with: -Wformat -Werror=format-security -Wformat -Wall -Werror=format-security -Wformat -Wformat -Werror=format-security -Wall -Wall -Werror=format-security -Wall -Wall implies -Wformat (level 1) and -Wformat only for level 2 implies -Wformat-security, so something in the -Wformat or -Wall handling disables warn_format_security, but strangely only when the -Werror option is used.
For the theory of how I think this should behave, see <https://gcc.gnu.org/ml/gcc-patches/2012-05/msg00419.html> (referring back to <https://gcc.gnu.org/ml/gcc-bugs/2012-04/msg02134.html> and <https://gcc.gnu.org/ml/gcc/2010-01/msg00063.html> for the concept of distance for options overriding each other). That is, -Werror=format-security should act like a -Wformat-security variant, and so all these examples should warn/error. I don't know what the immediate cause of this issue or appropriate fix in the context of the present implementation might be.
Created attachment 40824 [details] gcc7-pr79677.patch Untested fix.
Author: jakub Date: Fri Feb 24 23:15:56 2017 New Revision: 245728 URL: https://gcc.gnu.org/viewcvs?rev=245728&root=gcc&view=rev Log: PR c/79677 * opts.h (handle_generated_option): Add GENERATED_P argument. * opts-common.c (handle_option): Adjust function comment. (handle_generated_option): Add GENERATED_P argument, pass it to handle_option. (control_warning_option): Pass false to handle_generated_option GENERATED_P. * opts.c (maybe_default_option): Pass true to handle_generated_option GENERATED_P. * optc-gen.awk: Likewise. ada/ * gcc-interface/misc.c (gnat_handle_option): Pass true to handle_generated_option GENERATED_P. testsuite/ * gcc.dg/pr79677.c: New test. Added: trunk/gcc/testsuite/gcc.dg/pr79677.c Modified: trunk/gcc/ChangeLog trunk/gcc/ada/ChangeLog trunk/gcc/ada/gcc-interface/misc.c trunk/gcc/optc-gen.awk trunk/gcc/opts-common.c trunk/gcc/opts.c trunk/gcc/opts.h trunk/gcc/testsuite/ChangeLog
Fixed.
With gcc 7.0.1-0.10.fc26 I'm starting to see errors like: cc1plus: error: -Wformat-security ignored without -Wformat [-Werror=format-security] If this is intended, we're going to need to fix redhat-rpm-config to change: %__global_compiler_flags -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches %{_hardened_cflags} to add -Wformat.
(In reply to Orion Poplawski from comment #5) > With gcc 7.0.1-0.10.fc26 I'm starting to see errors like: > > cc1plus: error: -Wformat-security ignored without -Wformat > [-Werror=format-security] > > If this is intended, we're going to need to fix redhat-rpm-config to change: > > %__global_compiler_flags -O2 -g -pipe -Wall -Werror=format-security > -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong > --param=ssp-buffer-size=4 -grecord-gcc-switches %{_hardened_cflags} > > to add -Wformat. Well, -Wformat is implied by -Wall, so it must be packages doing -Wno-format or similar. -Wformat -Wformat-security -Wno-format used to warn in the past, -Wformat -Werror=format-security -Wno-format used to be quite due to a bug, but now errors out. We have one instance of this problem in gcc too: AS_IF([test $enable_build_format_warnings = no], [wf_opt=-Wno-format],[wf_opt=]) Guess we want there: AS_IF([test $enable_build_format_warnings = no], [wf_opt="-Wno-format -Wno-format-security -Wno-format-y2k -Wno-format-extra-args -Wno-format-zero-length -Wno-format-nonliteral"],[wf_opt=])
Or perhaps makefiles filtering away -Wall or using -Wno-all.
Created attachment 40838 [details] /builddir/build/BUILD/cmake-3.7.2/Utilities/KWIML/test/test.c /usr/lib64/ccache/gcc -DKWIML_LANGUAGE_C -DKWIML_LANGUAGE_CXX -I/builddir/build/BUILD/cmake-3.7.2/build/Utilities -I/builddir/build/BUILD/cmake-3.7.2/Utilities -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -m64 -mtune=generic -Wno-format -std=gnu11 -o CMakeFiles/kwiml_test.dir/test.c.o -c /builddir/build/BUILD/cmake-3.7.2/Utilities/KWIML/test/test.c cc1: error: -Wformat-security ignored without -Wformat [-Werror=format-security] cc1: some warnings being treated as errors I don't see any extra options myself.
Ah, just got the -Wno-format
I'm not sure how I'm practically supposed to handle this. In this case, for one sub-directory upstream adds -Wno-format to the flags: ./Utilities/KWIML/test/CMakeLists.txt: set(CMAKE_${lang}_FLAGS "${CMAKE_${lang}_FLAGS} -Wno-format") Is this still a bug in gcc?
It is not a GCC bug, the general rule is that the options that enable suboptions don't change those (either way) if that option has been specified explicitly. So, -Wformat -Wformat-security -Wno-format does not disable -Wformat-security, but e.g. disables -Wformat-y2k because that option has not been set explicitly. So, either you change that set(CMAKE_${lang}_FLAGS "${CMAKE_${lang}_FLAGS} -Wno-format") to set(CMAKE_${lang}_FLAGS "${CMAKE_${lang}_FLAGS} -Wno-format -Wno-format-security") or e.g. strip off -Werror=format-security from RPM_OPT_FLAGS.
Adding -Wno-format-security does indeed work. Thank you.