diff options
author | Sergei Trofimovich <slyich@gmail.com> | 2024-02-08 10:41:29 +0000 |
---|---|---|
committer | Sergei Trofimovich <slyich@gmail.com> | 2024-02-08 10:43:06 +0000 |
commit | f6015bee6ca55efeb86deec03214a64c2256306d (patch) | |
tree | 077c4a5755951e657799099b1ae8a3210e6e416d /pkgs/applications/networking/browsers/gmni | |
parent | cd5c10f69676a36ae44254b8cfd58f528a062f65 (diff) |
gmni: disable `fortify3` to fix `gcc-13` build
It's not masking a real overflow, but inhibits invalid `snprintf()` buffer size bassed. Without the change build fails on `master` as: In function 'snprintf', inlined from 'xt_end_chain' at src/tofu.c:82:3, inlined from 'xt_end_chain' at src/tofu.c:70:1: ...-glibc-2.38-27-dev/include/bits/stdio2.h:54:10: error: '__builtin___snprintf_chk' specified bound 4 exceeds destination size 3 [-Werror=stringop-overflow] 54 | return __builtin___snprintf_chk (__s, __n, __USE_FORTIFY_LEVEL - 1, | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 55 | __glibc_objsize (__s), __fmt, | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 56 | __va_arg_pack ()); | ~~~~~~~~~~~~~~~~~ As the project is not maintained anymore let's just disable the `fortify3` that puts an extra check into `snprintf()` buffer.
Diffstat (limited to 'pkgs/applications/networking/browsers/gmni')
-rw-r--r-- | pkgs/applications/networking/browsers/gmni/default.nix | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/pkgs/applications/networking/browsers/gmni/default.nix b/pkgs/applications/networking/browsers/gmni/default.nix index 4bc4e360120fd..51dc9a3df53d2 100644 --- a/pkgs/applications/networking/browsers/gmni/default.nix +++ b/pkgs/applications/networking/browsers/gmni/default.nix @@ -14,6 +14,14 @@ stdenv.mkDerivation rec { nativeBuildInputs = [ scdoc ]; buildInputs = [ bearssl ]; + # Fix build on `gcc-13`: + # inlined from 'xt_end_chain' at src/tofu.c:82:3, + # ...-glibc-2.38-27-dev/include/bits/stdio2.h:54:10: error: '__builtin___snprintf_chk' specified bound 4 exceeds destination size 3 [-Werror=stringop-overflow] + # + # The overflow will not happen in practice, but `snprintf()` gets + # passed one more byte than available. + hardeningDisable = [ "fortify3" ]; + meta = with lib; { description = "A Gemini client"; homepage = "https://git.sr.ht/~sircmpwn/gmni"; |