Package: grilo-plugins Version: 0.2.12-4 Usertags: goto-cc During a rebuild of all Debian packages in a clean sid chroot (using cowbuilder and pbuilder) the build failed with the following error. Please note that we use our research compiler tool-chain (using tools from the cbmc package), which permits extended reporting on type inconsistencies at link time.
libtool: compile: gcc -DHAVE_CONFIG_H -I. -I../.. -D_FORTIFY_SOURCE=2 -pthread -I/usr/include/grilo-0.2 -I/usr/include/glib-2.0 -I/usr/lib/x86_64-linux-gnu/glib-2.0/include -I/usr/include/libxml2 -I/usr/include/lua5.2 -pthread -I/usr/include/grilo-0.2 -I/usr/include/glib-2.0 -I/usr/lib/x86_64-linux-gnu/glib-2.0/include -I/usr/include/libxml2 -pthread -I/usr/include/json-glib-1.0 -I/usr/include/glib-2.0 -I/usr/lib/x86_64-linux-gnu/glib-2.0/include -DLUA_FACTORY_SOURCE_LOCATION=\"grilo-plugins/grl-lua-factory\" -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security -Wall -Wstrict-prototypes -Wnested-externs -Werror=missing-prototypes -Werror=implicit-function-declaration -Werror=pointer-arith -Werror=init-self -Werror=format-security -Werror=format=2 -Werror=missing-include-dirs -Wmissing-declarations -std=c99 -c grl-lua-library.c -fPIC -DPIC -o .libs/libgrlluafactory_la-grl-lua-library.o file grl-lua-library.c line 427 function grl_l_operation_get_options: in expression `lua_pushnil(L)': conversion from `void' to `const char *': implicit conversion not permitted CONVERSION ERROR Makefile:666: recipe for target 'libgrlluafactory_la-grl-lua-library.lo' failed make[5]: *** [libgrlluafactory_la-grl-lua-library.lo] Error 1 make[5]: Leaving directory '/srv/jenkins-slave/workspace/sid-goto-cc-grilo-plugins/grilo-plugins-0.2.12/src/lua-factory' Makefile:709: recipe for target 'all-recursive' failed make[4]: *** [all-recursive] Error 1 This is the conditional operator used here: http://sources.debian.net/src/grilo-plugins/0.2.12-4/src/lua-factory/grl-lua-library.c?hl=427#L427 The return type of lua_pushnil is void, while lua_pushstring is declared as having a const char* return type. Yet the C standard requires that the second and third argument of the conditional operator ?: are both void or compatible pointer types (there are several other cases, see 6.5.15 of the C Standard). Failing this, the compiler may produce arbitrary code. The best fix is likely adding a (void) in front of lua_pushstring here. The same will apply in lines 462 and 463. (I'm happy to try out patches.) Best, Michael
pgpulD7fn3ORL.pgp
Description: PGP signature
