From f6015bee6ca55efeb86deec03214a64c2256306d Mon Sep 17 00:00:00 2001 From: Sergei Trofimovich Date: Thu, 8 Feb 2024 10:41:29 +0000 Subject: gmni: disable `fortify3` to fix `gcc-13` build It's not masking a real overflow, but inhibits invalid `snprintf()` buffer size bassed. Without the change build fails on `master` as: In function 'snprintf', inlined from 'xt_end_chain' at src/tofu.c:82:3, inlined from 'xt_end_chain' at src/tofu.c:70:1: ...-glibc-2.38-27-dev/include/bits/stdio2.h:54:10: error: '__builtin___snprintf_chk' specified bound 4 exceeds destination size 3 [-Werror=stringop-overflow] 54 | return __builtin___snprintf_chk (__s, __n, __USE_FORTIFY_LEVEL - 1, | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 55 | __glibc_objsize (__s), __fmt, | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 56 | __va_arg_pack ()); | ~~~~~~~~~~~~~~~~~ As the project is not maintained anymore let's just disable the `fortify3` that puts an extra check into `snprintf()` buffer. --- pkgs/applications/networking/browsers/gmni/default.nix | 8 ++++++++ 1 file changed, 8 insertions(+) (limited to 'pkgs/applications/networking') diff --git a/pkgs/applications/networking/browsers/gmni/default.nix b/pkgs/applications/networking/browsers/gmni/default.nix index 4bc4e360120fd..51dc9a3df53d2 100644 --- a/pkgs/applications/networking/browsers/gmni/default.nix +++ b/pkgs/applications/networking/browsers/gmni/default.nix @@ -14,6 +14,14 @@ stdenv.mkDerivation rec { nativeBuildInputs = [ scdoc ]; buildInputs = [ bearssl ]; + # Fix build on `gcc-13`: + # inlined from 'xt_end_chain' at src/tofu.c:82:3, + # ...-glibc-2.38-27-dev/include/bits/stdio2.h:54:10: error: '__builtin___snprintf_chk' specified bound 4 exceeds destination size 3 [-Werror=stringop-overflow] + # + # The overflow will not happen in practice, but `snprintf()` gets + # passed one more byte than available. + hardeningDisable = [ "fortify3" ]; + meta = with lib; { description = "A Gemini client"; homepage = "https://git.sr.ht/~sircmpwn/gmni"; -- cgit 1.4.1