Package: git Severity: important X-Debbugs-CC: sanv...@debian.org, samuel...@debian.org, g...@vger.kernel.org, pkg-rust-maintain...@alioth-lists.debian.net
When building against curl 8.14 git creates a whole bunch of compiler warnings. We originally discovered this because of a package in Debian that was using an embedded code copy of git and building it with -Werror (see debian bug 1107412) but the issue is clearly visible when rebuilding the git package in current sid.
imap-send.c:1421:9: warning: call to ‘_curl_easy_setopt_err_long’ declared with attribute warning: curl_easy_setopt expects a long argument [-Wattribute-warning] 1421 | curl_easy_setopt(curl, CURLOPT_PORT, srvc->port); imap-send.c:1434:9: warning: call to ‘_curl_easy_setopt_err_long’ declared with attribute warning: curl_easy_setopt expects a long argument [-Wattribute-warning] 1434 | curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, srvc->ssl_verify); imap-send.c:1435:9: warning: call to ‘_curl_easy_setopt_err_long’ declared with attribute warning: curl_easy_setopt expects a long argument [-Wattribute-warning] 1435 | curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, srvc->ssl_verify); http-push.c:197:9: warning: call to ‘_curl_easy_setopt_err_long’ declared with attribute warning: curl_easy_setopt expects a long argument [-Wattribute-warning] 197 | curl_easy_setopt(curl, CURLOPT_HTTPGET, 1); http-push.c:197:9: warning: call to ‘_curl_easy_setopt_err_long’ declared with attribute warning: curl_easy_setopt expects a long argument [-Wattribute-warning] 197 | curl_easy_setopt(curl, CURLOPT_HTTPGET, 1); http-push.c:197:9: warning: call to ‘_curl_easy_setopt_err_long’ declared with attribute warning: curl_easy_setopt expects a long argument [-Wattribute-warning] 197 | curl_easy_setopt(curl, CURLOPT_HTTPGET, 1); http-push.c:197:9: warning: call to ‘_curl_easy_setopt_err_long’ declared with attribute warning: curl_easy_setopt expects a long argument [-Wattribute-warning] 197 | curl_easy_setopt(curl, CURLOPT_HTTPGET, 1); http-push.c:197:9: warning: call to ‘_curl_easy_setopt_err_long’ declared with attribute warning: curl_easy_setopt expects a long argument [-Wattribute-warning] 197 | curl_easy_setopt(curl, CURLOPT_HTTPGET, 1); http-push.c:197:9: warning: call to ‘_curl_easy_setopt_err_long’ declared with attribute warning: curl_easy_setopt expects a long argument [-Wattribute-warning] 197 | curl_easy_setopt(curl, CURLOPT_HTTPGET, 1); remote-curl.c:880:9: warning: call to ‘_curl_easy_setopt_err_long’ declared with attribute warning: curl_easy_setopt expects a long argument [-Wattribute-warning] 880 | curl_easy_setopt(slot->curl, CURLOPT_NOBODY, 0); remote-curl.c:881:9: warning: call to ‘_curl_easy_setopt_err_long’ declared with attribute warning: curl_easy_setopt expects a long argument [-Wattribute-warning] 881 | curl_easy_setopt(slot->curl, CURLOPT_POST, 1); remote-curl.c:885:9: warning: call to ‘_curl_easy_setopt_err_long’ declared with attribute warning: curl_easy_setopt expects a long argument [-Wattribute-warning] 885 | curl_easy_setopt(slot->curl, CURLOPT_POSTFIELDSIZE, 4); http.c:1010:17: warning: call to ‘_curl_easy_setopt_err_long’ declared with attribute warning: curl_easy_setopt expects a long argument [-Wattribute-warning] 1010 | curl_easy_setopt(result, CURLOPT_SSL_VERIFYPEER, 0); http.c:1011:17: warning: call to ‘_curl_easy_setopt_err_long’ declared with attribute warning: curl_easy_setopt expects a long argument [-Wattribute-warning] 1011 | curl_easy_setopt(result, CURLOPT_SSL_VERIFYHOST, 0); http.c:1014:17: warning: call to ‘_curl_easy_setopt_err_long’ declared with attribute warning: curl_easy_setopt expects a long argument [-Wattribute-warning] 1014 | curl_easy_setopt(result, CURLOPT_SSL_VERIFYPEER, 1); http.c:1016:17: warning: call to ‘_curl_easy_setopt_err_long’ declared with attribute warning: curl_easy_setopt expects a long argument [-Wattribute-warning] 1016 | curl_easy_setopt(result, CURLOPT_SSL_VERIFYHOST, 2); http.c:1048:17: warning: call to ‘_curl_easy_setopt_err_long’ declared with attribute warning: curl_easy_setopt expects a long argument [-Wattribute-warning] 1048 | curl_easy_setopt(result, CURLOPT_SSL_OPTIONS, CURLSSLOPT_NO_REVOKE); http.c:1108:9: warning: call to ‘_curl_easy_setopt_err_long’ declared with attribute warning: curl_easy_setopt expects a long argument [-Wattribute-warning] 1108 | curl_easy_setopt(result, CURLOPT_MAXREDIRS, 20); http.c:1109:9: warning: call to ‘_curl_easy_setopt_err_long’ declared with attribute warning: curl_easy_setopt expects a long argument [-Wattribute-warning] 1109 | curl_easy_setopt(result, CURLOPT_POSTREDIR, CURL_REDIR_POST_ALL); http.c:1142:17: warning: call to ‘_curl_easy_setopt_err_long’ declared with attribute warning: curl_easy_setopt expects a long argument [-Wattribute-warning] 1142 | curl_easy_setopt(result, CURLOPT_FTP_USE_EPSV, 0); http.c:1183:25: warning: call to ‘_curl_easy_setopt_err_long’ declared with attribute warning: curl_easy_setopt expects a long argument [-Wattribute-warning] 1183 | curl_easy_setopt(result, http.c:1186:25: warning: call to ‘_curl_easy_setopt_err_long’ declared with attribute warning: curl_easy_setopt expects a long argument [-Wattribute-warning] 1186 | curl_easy_setopt(result, http.c:1189:25: warning: call to ‘_curl_easy_setopt_err_long’ declared with attribute warning: curl_easy_setopt expects a long argument [-Wattribute-warning] 1189 | curl_easy_setopt(result, http.c:1192:25: warning: call to ‘_curl_easy_setopt_err_long’ declared with attribute warning: curl_easy_setopt expects a long argument [-Wattribute-warning] 1192 | curl_easy_setopt(result, http.c:1195:25: warning: call to ‘_curl_easy_setopt_err_long’ declared with attribute warning: curl_easy_setopt expects a long argument [-Wattribute-warning] 1195 | curl_easy_setopt(result, CURLOPT_PROXYTYPE, CURLPROXY_HTTPS); http.c:709:9: warning: call to ‘_curl_easy_setopt_err_long’ declared with attribute warning: curl_easy_setopt expects a long argument [-Wattribute-warning] 709 | curl_easy_setopt(c, CURLOPT_TCP_KEEPALIVE, 1);
While the compiler warnings appear to be new with curl 8.14 the underlying issue does not. curl_easy_setopt is a variadic function whose parameter types depend on the option selected. Passing a parameter of the wrong type to a variadic function can have consequences that vary by architecture and the types of the preceding parameters. It's possible that the right thing will happen by "accident", either because the types are in-fact the same size, or for example a 32-bit value may be converted to a 64-bit value where the top bits are garbage and the bottom bits are correct this may then be converted back to a 32-bit value throwing away the garbage. But it's equally possible the right thing will not happen, that the variadic function will end up dealing with garabage and will misbehave or crash I think the fix here is just to add casts and literal suffixes so the argument is passed as the correct type, but I'd appreciate feedback from people more familiar with the codebase
