[GH-ISSUE #4297] CI is broken (yet again) #2612

Closed
opened 2026-05-05 09:16:48 -06:00 by gitea-mirror · 2 comments

Originally created by @kmk3 on GitHub (May 23, 2021).
Original GitHub issue: https://github.com/netblue30/firejail/issues/4297

It looks like it was broken by #4229. Workflow run:

* <https://github.com/netblue30/firejail/runs/2534847161>

Log excerpt

gcc-10 -g -O2 -ggdb -W -Wall -Werror -O2 -DVERSION='"0.9.65"'  -DPREFIX='"/usr"' -DSYSCONFDIR='"/etc/firejail"' -DLIBDIR='"/usr/lib"' -DBINDIR='"/usr/bin"'  -DHAVE_OUTPUT -DHAVE_X11 -DHAVE_PRIVATE_HOME -DHAVE_APPARMOR  -DHAVE_USERTMPFS -DHAVE_DBUSPROXY -DHAVE_FIRETUNNEL -DHAVE_GLOBALCFG -DHAVE_CHROOT -DHAVE_NETWORK -DHAVE_USERNS -DHAVE_FILE_TRANSFER -DHAVE_WHITELIST -DHAVE_SELINUX  -fstack-protector-all -D_FORTIFY_SOURCE=2 -fPIE -Wformat -Wformat-security -fstack-clash-protection -fstack-protector-strong -fanalyzer   -c fs_whitelist.c -o fs_whitelist.o
In function ‘tmpfs_topdirs’:
fs_whitelist.c:398:1: error: leak of ‘topdirs’ [CWE-401] [-Werror=analyzer-malloc-leak]
  398 | }
      | ^
  ‘fs_whitelist’: events 1-4
    |
    |  523 | void fs_whitelist(void) {
    |      |      ^~~~~~~~~~~~
    |      |      |
    |      |      (1) entry to ‘fs_whitelist’
    |  524 |  ProfileEntry *entry = cfg.profile;
    |  525 |  if (!entry)
    |      |     ~ 
    |      |     |
    |      |     (2) following ‘false’ branch (when ‘entry’ is non-NULL)...
    |......
    |  528 |  if (asprintf(&runuser, "/run/user/%u", getuid()) == -1)
    |      |  ~~ ~ 
    |      |  |  |
    |      |  |  (4) following ‘false’ branch...
    |      |  (3) ...to here
    |
  ‘fs_whitelist’: event 5
    |
    |../include/common.h:39:164:
    |   39 | #define errExit(msg)    do { char msgout[500]; snprintf(msgout, 500, "Error %s: %s:%d %s", msg, __FILE__, __LINE__, __FUNCTION__); perror(msgout); exit(1);} while (0)
    |      |                                                                                                                                                                    ^
    |      |                                                                                                                                                                    |
    |      |                                                                                                                                                                    (5) ...to here
fs_whitelist.c:529:3: note: in expansion of macro ‘errExit’
    |  529 |   errExit("asprintf");
    |      |   ^~~~~~~
    |
  ‘fs_whitelist’: event 6
    |
    |  536 |  if (nowhitelist == NULL)
    |      |     ^
    |      |     |
    |      |     (6) following ‘false’ branch (when ‘nowhitelist’ is non-NULL)...
    |
  ‘fs_whitelist’: event 7
    |
    |../include/common.h:39:164:
    |   39 | #define errExit(msg)    do { char msgout[500]; snprintf(msgout, 500, "Error %s: %s:%d %s", msg, __FILE__, __LINE__, __FUNCTION__); perror(msgout); exit(1);} while (0)
    |      |                                                                                                                                                                    ^
    |      |                                                                                                                                                                    |
    |      |                                                                                                                                                                    (7) ...to here

Link to the previous issue: #4256

Cc: @glitsj16 @netblue30 @reinerh @rusty-snake @smitsohu (as participants
of #4229/#4256)


@reinerh commented on GitHub (May 23, 2021):

I just checked this error and can confirm that it is a false positive by GCC 10.
When rebuilding the same file (fs_whitelist.c) with GCC 11, it no longer detects a memory leak and builds it successfully.

Unfortunately there are new warnings with GCC 11 (see #4274).


@kmk3 commented on GitHub (May 23, 2021):

@reinerh @smitsohu Thanks for the quick fixes!

Reference: github-starred/firejail#2612