[GH-ISSUE #6190] build: --enable-analyzer throws warnings on Ubuntu 22.04 LTS #3215

New issue

Open

opened 2026-05-05 09:49:39 -06:00 by gitea-mirror · 2 comments

gitea-mirror commented 2026-05-05 09:49:39 -06:00

Owner

Copy link

Originally created by @ghost on GitHub (Feb 4, 2024).
Original GitHub issue: https://github.com/netblue30/firejail/issues/6190

On my old Ubuntu 16.04 LTS box I never bothered to build Firejail with --enable-analyzer. But after migrating that machine to Ubuntu 22.04 LTS I gave it a try. The below warnings showed up (which doesn't happen on my Arch Linux box BTW).

Here's the build output:

$ ./configure --prefix=/usr --enable-analyzer --enable-apparmor --enable-landlock --enable-private-lib && make

checking for gcc... gcc
checking whether the C compiler works... yes
checking for C compiler default output file name... a.out
checking for suffix of executables...
checking whether we are cross compiling... no
checking for suffix of object files... o
checking whether the compiler supports GNU C... yes
checking whether gcc accepts -g... yes
checking for gcc option to enable C11 features... none needed
checking whether C compiler accepts -MMD -MP... yes
checking whether C compiler accepts -mindirect-branch=thunk... no
checking whether C compiler accepts -fstack-clash-protection... yes
checking whether C compiler accepts -fstack-protector-strong... yes
checking for pkg-config... /usr/bin/pkg-config
checking pkg-config is at least version 0.9.0... yes
checking for libapparmor... yes
checking for stdio.h... yes
checking for stdlib.h... yes
checking for string.h... yes
checking for inttypes.h... yes
checking for stdint.h... yes
checking for strings.h... yes
checking for sys/stat.h... yes
checking for sys/types.h... yes
checking for unistd.h... yes
checking for linux/landlock.h... yes
checking for gawk... yes
checking for linux/seccomp.h... yes
configure: creating ./config.status
config.status: creating config.mk
config.status: creating config.sh

Compile options:
   CC: gcc
   CFLAGS: -g -O2
   CPPFLAGS:
   LDFLAGS:
   EXTRA_CFLAGS:  -fstack-clash-protection -fstack-protector-strong -fanalyzer -Wno-analyzer-malloc-leak
   DEPS_CFLAGS:  -MMD -MP
   EXTRA_LDFLAGS:
   LIBS:  -lapparmor
   fatal warnings:
   gcov instrumentation:
   install as a SUID executable: -DHAVE_SUID
   install contrib scripts: yes
   prefix: /usr
   sysconfdir: /etc
   Spectre compiler patch: yes

Features:
   allow tmpfs as regular user: -DHAVE_USERTMPFS
   always enforce filters:
   apparmor: -DHAVE_APPARMOR
   busybox workaround: no
   chroot: -DHAVE_CHROOT
   DBUS proxy support: -DHAVE_DBUSPROXY
   disable user profiles:
   enable --output logging: -DHAVE_OUTPUT
   file transfer support: -DHAVE_FILE_TRANSFER
   global config: -DHAVE_GLOBALCFG
   IDS support:
   Landlock support: -DHAVE_LANDLOCK
   manpage support: -DHAVE_MAN
   network: -DHAVE_NETWORK
   overlayfs support:
   private home support: -DHAVE_PRIVATE_HOME
   private lib support: -DHAVE_PRIVATE_LIB
   SELinux labeling support:
   user namespace: -DHAVE_USERNS
   X11 sandboxing support: -DHAVE_X11

$ make
[...]
../../src/fbuilder/filedb.c: In function ‘filedb_add.part.0’:
../../src/fbuilder/filedb.c:69:22: warning: use of possibly-NULL ‘strdup(fname)’ where non-null expected [CWE-690] [-Wanalyzer-possible-null-argument]
   69 |         entry->len = strlen(entry->fname);
      |                      ^~~~~~~~~~~~~~~~~~~~
  ‘filedb_load_whitelist’: event 1
    |
    |   88 | FileDB *filedb_load_whitelist(FileDB *head, const char *fname, const char *prefix) {
    |      |         ^~~~~~~~~~~~~~~~~~~~~
    |      |         |
    |      |         (1) entry to ‘filedb_load_whitelist’
    |
  ‘filedb_load_whitelist’: event 2
    |
    |   89 |         assert(fname);
    |      |         ^~~~~~
    |      |         |
    |      |         (2) following ‘true’ branch (when ‘fname’ is non-NULL)...
    |
  ‘filedb_load_whitelist’: event 3
    |
    |   90 |         assert(prefix);
    |      |         ^~~~~~
    |      |         |
    |      |         (3) ...to here
    |
  ‘filedb_load_whitelist’: event 4
    |
    |   90 |         assert(prefix);
    |      |         ^~~~~~
    |      |         |
    |      |         (4) following ‘true’ branch (when ‘prefix’ is non-NULL)...
    |
  ‘filedb_load_whitelist’: events 5-6
    |
    |   91 |         int len = strlen(prefix);
    |      |         ^~~
    |      |         |
    |      |         (5) ...to here
    |   92 |         char *f;
    |   93 |         if (asprintf(&f, "%s/%s", SYSCONFDIR, fname) == -1)
    |      |            ~
    |      |            |
    |      |            (6) following ‘false’ branch...
    |
  ‘filedb_load_whitelist’: event 7
    |
    |../../src/fbuilder/../include/common.h:42:25:
    |   42 | #define errExit(msg) do { \
    |      |                         ^
    |      |                         |
    |      |                         (7) ...to here
../../src/fbuilder/filedb.c:94:17: note: in expansion of macro ‘errExit’
    |   94 |                 errExit("asprintf");
    |      |                 ^~~~~~~
    |
  ‘filedb_load_whitelist’: event 8
    |
    |   96 |         if (!fp) {
    |      |            ^
    |      |            |
    |      |            (8) following ‘false’ branch (when ‘fp’ is non-NULL)...
    |
  ‘filedb_load_whitelist’: event 9
    |
    |cc1:
    | (9): ...to here
    |
  ‘filedb_load_whitelist’: events 10-12
    |
    |  103 |         while (fgets(buf, MAX_BUF, fp)) {
    |      |                ^~~~~
    |      |                |
    |      |                (10) following ‘true’ branch...
    |  104 |                 if (strncmp(buf, prefix, len) != 0)
    |      |                 ~~
    |      |                 |
    |      |                 (11) ...to here
    |......
    |  114 |                 head = filedb_add(head, fn);
    |      |                        ~~~~~~~~~~~~~~~~~~~~
    |      |                        |
    |      |                        (12) calling ‘filedb_add’ from ‘filedb_load_whitelist’
    |
    +--> ‘filedb_add’: event 13
           |
           |   54 | FileDB *filedb_add(FileDB *head, const char *fname) {
           |      |         ^~~~~~~~~~
           |      |         |
           |      |         (13) entry to ‘filedb_add’
           |
         ‘filedb_add’: event 14
           |
           |   55 |         assert(fname);
           |      |         ^~~~~~
           |      |         |
           |      |         (14) following ‘true’ branch (when ‘fname’ is non-NULL)...
           |
         ‘filedb_add’: events 15-16
           |
           |   58 |         if (filedb_find(head, fname))
           |      |         ^~  ~~~~~~~~~~~~~~~~~~~~~~~~
           |      |         |   |
           |      |         |   (16) calling ‘filedb_find’ from ‘filedb_add’
           |      |         (15) ...to here
           |
           +--> ‘filedb_find’: event 17
                  |
                  |   24 | FileDB *filedb_find(FileDB *head, const char *fname) {
                  |      |         ^~~~~~~~~~~
                  |      |         |
                  |      |         (17) entry to ‘filedb_find’
                  |
                ‘filedb_find’: event 18
                  |
                  |   25 |         assert(fname);
                  |      |         ^~~~~~
                  |      |         |
                  |      |         (18) following ‘true’ branch (when ‘fname’ is non-NULL)...
                  |
                ‘filedb_find’: event 19
                  |
                  |cc1:
                  | (19): ...to here
                  |
                ‘filedb_find’: event 20
                  |
                  |cc1:
                  | (20): calling ‘filedb_find.part.0’ from ‘filedb_find’
                  |
                  +--> ‘filedb_find.part.0’: events 21-27
                         |
                         |   24 | FileDB *filedb_find(FileDB *head, const char *fname) {
                         |      |         ^~~~~~~~~~~
                         |      |         |
                         |      |         (21) entry to ‘filedb_find.part.0’
                         |......
                         |   29 |         while (ptr) {
                         |      |                ~~~
                         |      |                |
                         |      |                (22) following ‘true’ branch (when ‘ptr’ is non-NULL)...
                         |      |                (24) following ‘true’ branch (when ‘ptr’ is non-NULL)...
                         |......
                         |   32 |                 if (fnmatch(ptr->fname, fname, FNM_PATHNAME) == 0) {
                         |      |                 ~~
                         |      |                 |
                         |      |                 (23) ...to here
                         |      |                 (25) ...to here
                         |......
                         |   48 |         if (found)
                         |      |            ~
                         |      |            |
                         |      |            (26) following ‘true’ branch (when ‘found != 0’)...
                         |   49 |                 return ptr;
                         |      |                 ~~~~~~
                         |      |                 |
                         |      |                 (27) ...to here
                         |
                  <------+
                  |
                ‘filedb_find’: event 28
                  |
                  |cc1:
                  | (28): returning to ‘filedb_find’ from ‘filedb_find.part.0’
                  |
           <------+
           |
         ‘filedb_add’: event 29
           |
           |   58 |         if (filedb_find(head, fname))
           |      |             ^~~~~~~~~~~~~~~~~~~~~~~~
           |      |             |
           |      |             (29) returning to ‘filedb_add’ from ‘filedb_find’
           |
         ‘filedb_add’: event 30
           |
           |cc1:
           | (30): calling ‘filedb_add.part.0’ from ‘filedb_add’
           |
           +--> ‘filedb_add.part.0’: events 31-32
                  |
                  |   54 | FileDB *filedb_add(FileDB *head, const char *fname) {
                  |      |         ^~~~~~~~~~
                  |      |         |
                  |      |         (31) entry to ‘filedb_add.part.0’
                  |......
                  |   63 |         if (!entry)
                  |      |            ~
                  |      |            |
                  |      |            (32) following ‘false’ branch (when ‘entry’ is non-NULL)...
                  |
                ‘filedb_add.part.0’: event 33
                  |
                  |../../src/fbuilder/../include/common.h:42:25:
                  |   42 | #define errExit(msg) do { \
                  |      |                         ^
                  |      |                         |
                  |      |                         (33) ...to here
../../src/fbuilder/filedb.c:64:17: note: in expansion of macro ‘errExit’
                  |   64 |                 errExit("malloc");
                  |      |                 ^~~~~~~
                  |
                ‘filedb_add.part.0’: events 34-36
                  |
                  |   66 |         entry->fname = strdup(fname);
                  |      |                        ^~~~~~~~~~~~~
                  |      |                        |
                  |      |                        (34) this call could return NULL
                  |   67 |         if (!entry->fname)
                  |      |            ~
                  |      |            |
                  |      |            (35) assuming ‘strdup(fname)’ is non-NULL
                  |      |            (36) following ‘false’ branch...
                  |
                ‘filedb_add.part.0’: event 37
                  |
                  |../../src/fbuilder/../include/common.h:42:25:
                  |   42 | #define errExit(msg) do { \
                  |      |                         ^
                  |      |                         |
                  |      |                         (37) ...to here
../../src/fbuilder/filedb.c:68:17: note: in expansion of macro ‘errExit’
                  |   68 |                 errExit("strdup");
                  |      |                 ^~~~~~~
                  |
           <------+
           |
         ‘filedb_add’: event 38
           |
           |cc1:
           | (38): returning to ‘filedb_add’ from ‘filedb_add.part.0’
           |
    <------+
    |
  ‘filedb_load_whitelist’: events 39-46
    |
    |  103 |         while (fgets(buf, MAX_BUF, fp)) {
    |      |                ~~~~~
    |      |                |
    |      |                (40) following ‘true’ branch...
    |  104 |                 if (strncmp(buf, prefix, len) != 0)
    |      |                 ~~ ~
    |      |                 |  |
    |      |                 |  (42) following ‘false’ branch...
    |      |                 (41) ...to here
    |......
    |  107 |                 char *fn = buf + len;
    |      |                 ~~~~
    |      |                 |
    |      |                 (43) ...to here
    |  108 |                 char *ptr = strchr(buf, '\n');
    |  109 |                 if (!ptr)
    |      |                    ~
    |      |                    |
    |      |                    (44) following ‘false’ branch (when ‘ptr’ is non-NULL)...
    |  110 |                         continue;
    |  111 |                 *ptr = '\0';
    |      |                 ~
    |      |                 |
    |      |                 (45) ...to here
    |......
    |  114 |                 head = filedb_add(head, fn);
    |      |                        ^~~~~~~~~~~~~~~~~~~~
    |      |                        |
    |      |                        (39) returning to ‘filedb_load_whitelist’ from ‘filedb_add’
    |      |                        (46) calling ‘filedb_add’ from ‘filedb_load_whitelist’
    |
    +--> ‘filedb_add’: event 47
           |
           |   54 | FileDB *filedb_add(FileDB *head, const char *fname) {
           |      |         ^~~~~~~~~~
           |      |         |
           |      |         (47) entry to ‘filedb_add’
           |
         ‘filedb_add’: event 48
           |
           |   55 |         assert(fname);
           |      |         ^~~~~~
           |      |         |
           |      |         (48) following ‘true’ branch (when ‘fname’ is non-NULL)...
           |
         ‘filedb_add’: events 49-50
           |
           |   58 |         if (filedb_find(head, fname))
           |      |         ^~  ~~~~~~~~~~~~~~~~~~~~~~~~
           |      |         |   |
           |      |         |   (50) calling ‘filedb_find’ from ‘filedb_add’
           |      |         (49) ...to here
           |
           +--> ‘filedb_find’: event 51
                  |
                  |   24 | FileDB *filedb_find(FileDB *head, const char *fname) {
                  |      |         ^~~~~~~~~~~
                  |      |         |
                  |      |         (51) entry to ‘filedb_find’
                  |
                ‘filedb_find’: event 52
                  |
                  |   25 |         assert(fname);
                  |      |         ^~~~~~
                  |      |         |
                  |      |         (52) following ‘true’ branch (when ‘fname’ is non-NULL)...
                  |
                ‘filedb_find’: event 53
                  |
                  |cc1:
                  | (53): ...to here
                  |
                ‘filedb_find’: event 54
                  |
                  |cc1:
                  | (54): calling ‘filedb_find.part.0’ from ‘filedb_find’
                  |
                  +--> ‘filedb_find.part.0’: events 55-60
                         |
                         |   24 | FileDB *filedb_find(FileDB *head, const char *fname) {
                         |      |         ^~~~~~~~~~~
                         |      |         |
                         |      |         (55) entry to ‘filedb_find.part.0’
                         |......
                         |   29 |         while (ptr) {
                         |      |                ~~~
                         |      |                |
                         |      |                (56) following ‘true’ branch (when ‘ptr’ is non-NULL)...
                         |......
                         |   32 |                 if (fnmatch(ptr->fname, fname, FNM_PATHNAME) == 0) {
                         |      |                 ~~ ~
                         |      |                 |  |
                         |      |                 |  (58) following ‘false’ branch...
                         |      |                 (57) ...to here
                         |......
                         |   38 |                 if (strlen(fname) > ptr->len &&
                         |      |                 ~~
                         |      |                 |
                         |      |                 (59) ...to here
                         |......
                         |   48 |         if (found)
                         |      |            ~
                         |      |            |
                         |      |            (60) following ‘false’ branch (when ‘found == 0’)...
                         |
                       ‘filedb_find.part.0’: event 61
                         |
                         |cc1:
                         | (61): ...to here
                         |
                  <------+
                  |
                ‘filedb_find’: event 62
                  |
                  |cc1:
                  | (62): returning to ‘filedb_find’ from ‘filedb_find.part.0’
                  |
           <------+
           |
         ‘filedb_add’: events 63-64
           |
           |   58 |         if (filedb_find(head, fname))
           |      |            ~^~~~~~~~~~~~~~~~~~~~~~~~
           |      |            ||
           |      |            |(63) returning to ‘filedb_add’ from ‘filedb_find’
           |      |            (64) following ‘false’ branch...
           |
         ‘filedb_add’: event 65
           |
           |cc1:
           | (65): ...to here
           |
         ‘filedb_add’: event 66
           |
           |cc1:
           | (66): calling ‘filedb_add.part.0’ from ‘filedb_add’
           |
           +--> ‘filedb_add.part.0’: events 67-68
                  |
                  |   54 | FileDB *filedb_add(FileDB *head, const char *fname) {
                  |      |         ^~~~~~~~~~
                  |      |         |
                  |      |         (67) entry to ‘filedb_add.part.0’
                  |......
                  |   63 |         if (!entry)
                  |      |            ~
                  |      |            |
                  |      |            (68) following ‘false’ branch (when ‘entry’ is non-NULL)...
                  |
                ‘filedb_add.part.0’: event 69
                  |
                  |../../src/fbuilder/../include/common.h:42:25:
                  |   42 | #define errExit(msg) do { \
                  |      |                         ^
                  |      |                         |
                  |      |                         (69) ...to here
../../src/fbuilder/filedb.c:64:17: note: in expansion of macro ‘errExit’
                  |   64 |                 errExit("malloc");
                  |      |                 ^~~~~~~
                  |
                ‘filedb_add.part.0’: events 70-71
                  |
                  |   66 |         entry->fname = strdup(fname);
                  |      |                        ^~~~~~~~~~~~~
                  |      |                        |
                  |      |                        (70) this call could return NULL
                  |   67 |         if (!entry->fname)
                  |      |            ~
                  |      |            |
                  |      |            (71) following ‘false’ branch...
                  |
                ‘filedb_add.part.0’: event 72
                  |
                  |../../src/fbuilder/../include/common.h:42:25:
                  |   42 | #define errExit(msg) do { \
                  |      |                         ^
                  |      |                         |
                  |      |                         (72) ...to here
../../src/fbuilder/filedb.c:68:17: note: in expansion of macro ‘errExit’
                  |   68 |                 errExit("strdup");
                  |      |                 ^~~~~~~
                  |
                ‘filedb_add.part.0’: event 73
                  |
                  |   69 |         entry->len = strlen(entry->fname);
                  |      |                      ^~~~~~~~~~~~~~~~~~~~
                  |      |                      |
                  |      |                      (73) argument 1 (‘strdup(fname)’) from (70) could be NULL where non-null expected
                  |
In file included from ../../src/fbuilder/../include/common.h:31,
                 from ../../src/fbuilder/fbuilder.h:23,
                 from ../../src/fbuilder/filedb.c:21:
/usr/include/string.h:407:15: note: argument 1 of ‘strlen’ must be non-null
  407 | extern size_t strlen (const char *__s)
      |               ^~~~~~
static ip map: input 5998, output 2490
[...]

Full log is available here.

Originally created by @ghost on GitHub (Feb 4, 2024). Original GitHub issue: https://github.com/netblue30/firejail/issues/6190 On my old Ubuntu 16.04 LTS box I never bothered to build Firejail with `--enable-analyzer`. But after migrating that machine to Ubuntu 22.04 LTS I gave it a try. The below warnings showed up (which doesn't happen on my Arch Linux box BTW). Here's the build output: <details> <summary> $ ./configure --prefix=/usr --enable-analyzer --enable-apparmor --enable-landlock --enable-private-lib && make </summary> ``` checking for gcc... gcc checking whether the C compiler works... yes checking for C compiler default output file name... a.out checking for suffix of executables... checking whether we are cross compiling... no checking for suffix of object files... o checking whether the compiler supports GNU C... yes checking whether gcc accepts -g... yes checking for gcc option to enable C11 features... none needed checking whether C compiler accepts -MMD -MP... yes checking whether C compiler accepts -mindirect-branch=thunk... no checking whether C compiler accepts -fstack-clash-protection... yes checking whether C compiler accepts -fstack-protector-strong... yes checking for pkg-config... /usr/bin/pkg-config checking pkg-config is at least version 0.9.0... yes checking for libapparmor... yes checking for stdio.h... yes checking for stdlib.h... yes checking for string.h... yes checking for inttypes.h... yes checking for stdint.h... yes checking for strings.h... yes checking for sys/stat.h... yes checking for sys/types.h... yes checking for unistd.h... yes checking for linux/landlock.h... yes checking for gawk... yes checking for linux/seccomp.h... yes configure: creating ./config.status config.status: creating config.mk config.status: creating config.sh Compile options: CC: gcc CFLAGS: -g -O2 CPPFLAGS: LDFLAGS: EXTRA_CFLAGS: -fstack-clash-protection -fstack-protector-strong -fanalyzer -Wno-analyzer-malloc-leak DEPS_CFLAGS: -MMD -MP EXTRA_LDFLAGS: LIBS: -lapparmor fatal warnings: gcov instrumentation: install as a SUID executable: -DHAVE_SUID install contrib scripts: yes prefix: /usr sysconfdir: /etc Spectre compiler patch: yes Features: allow tmpfs as regular user: -DHAVE_USERTMPFS always enforce filters: apparmor: -DHAVE_APPARMOR busybox workaround: no chroot: -DHAVE_CHROOT DBUS proxy support: -DHAVE_DBUSPROXY disable user profiles: enable --output logging: -DHAVE_OUTPUT file transfer support: -DHAVE_FILE_TRANSFER global config: -DHAVE_GLOBALCFG IDS support: Landlock support: -DHAVE_LANDLOCK manpage support: -DHAVE_MAN network: -DHAVE_NETWORK overlayfs support: private home support: -DHAVE_PRIVATE_HOME private lib support: -DHAVE_PRIVATE_LIB SELinux labeling support: user namespace: -DHAVE_USERNS X11 sandboxing support: -DHAVE_X11 $ make [...] ../../src/fbuilder/filedb.c: In function ‘filedb_add.part.0’: ../../src/fbuilder/filedb.c:69:22: warning: use of possibly-NULL ‘strdup(fname)’ where non-null expected [CWE-690] [-Wanalyzer-possible-null-argument] 69 | entry->len = strlen(entry->fname); | ^~~~~~~~~~~~~~~~~~~~ ‘filedb_load_whitelist’: event 1 | | 88 | FileDB *filedb_load_whitelist(FileDB *head, const char *fname, const char *prefix) { | | ^~~~~~~~~~~~~~~~~~~~~ | | | | | (1) entry to ‘filedb_load_whitelist’ | ‘filedb_load_whitelist’: event 2 | | 89 | assert(fname); | | ^~~~~~ | | | | | (2) following ‘true’ branch (when ‘fname’ is non-NULL)... | ‘filedb_load_whitelist’: event 3 | | 90 | assert(prefix); | | ^~~~~~ | | | | | (3) ...to here | ‘filedb_load_whitelist’: event 4 | | 90 | assert(prefix); | | ^~~~~~ | | | | | (4) following ‘true’ branch (when ‘prefix’ is non-NULL)... | ‘filedb_load_whitelist’: events 5-6 | | 91 | int len = strlen(prefix); | | ^~~ | | | | | (5) ...to here | 92 | char *f; | 93 | if (asprintf(&f, "%s/%s", SYSCONFDIR, fname) == -1) | | ~ | | | | | (6) following ‘false’ branch... | ‘filedb_load_whitelist’: event 7 | |../../src/fbuilder/../include/common.h:42:25: | 42 | #define errExit(msg) do { \ | | ^ | | | | | (7) ...to here ../../src/fbuilder/filedb.c:94:17: note: in expansion of macro ‘errExit’ | 94 | errExit("asprintf"); | | ^~~~~~~ | ‘filedb_load_whitelist’: event 8 | | 96 | if (!fp) { | | ^ | | | | | (8) following ‘false’ branch (when ‘fp’ is non-NULL)... | ‘filedb_load_whitelist’: event 9 | |cc1: | (9): ...to here | ‘filedb_load_whitelist’: events 10-12 | | 103 | while (fgets(buf, MAX_BUF, fp)) { | | ^~~~~ | | | | | (10) following ‘true’ branch... | 104 | if (strncmp(buf, prefix, len) != 0) | | ~~ | | | | | (11) ...to here |...... | 114 | head = filedb_add(head, fn); | | ~~~~~~~~~~~~~~~~~~~~ | | | | | (12) calling ‘filedb_add’ from ‘filedb_load_whitelist’ | +--> ‘filedb_add’: event 13 | | 54 | FileDB *filedb_add(FileDB *head, const char *fname) { | | ^~~~~~~~~~ | | | | | (13) entry to ‘filedb_add’ | ‘filedb_add’: event 14 | | 55 | assert(fname); | | ^~~~~~ | | | | | (14) following ‘true’ branch (when ‘fname’ is non-NULL)... | ‘filedb_add’: events 15-16 | | 58 | if (filedb_find(head, fname)) | | ^~ ~~~~~~~~~~~~~~~~~~~~~~~~ | | | | | | | (16) calling ‘filedb_find’ from ‘filedb_add’ | | (15) ...to here | +--> ‘filedb_find’: event 17 | | 24 | FileDB *filedb_find(FileDB *head, const char *fname) { | | ^~~~~~~~~~~ | | | | | (17) entry to ‘filedb_find’ | ‘filedb_find’: event 18 | | 25 | assert(fname); | | ^~~~~~ | | | | | (18) following ‘true’ branch (when ‘fname’ is non-NULL)... | ‘filedb_find’: event 19 | |cc1: | (19): ...to here | ‘filedb_find’: event 20 | |cc1: | (20): calling ‘filedb_find.part.0’ from ‘filedb_find’ | +--> ‘filedb_find.part.0’: events 21-27 | | 24 | FileDB *filedb_find(FileDB *head, const char *fname) { | | ^~~~~~~~~~~ | | | | | (21) entry to ‘filedb_find.part.0’ |...... | 29 | while (ptr) { | | ~~~ | | | | | (22) following ‘true’ branch (when ‘ptr’ is non-NULL)... | | (24) following ‘true’ branch (when ‘ptr’ is non-NULL)... |...... | 32 | if (fnmatch(ptr->fname, fname, FNM_PATHNAME) == 0) { | | ~~ | | | | | (23) ...to here | | (25) ...to here |...... | 48 | if (found) | | ~ | | | | | (26) following ‘true’ branch (when ‘found != 0’)... | 49 | return ptr; | | ~~~~~~ | | | | | (27) ...to here | <------+ | ‘filedb_find’: event 28 | |cc1: | (28): returning to ‘filedb_find’ from ‘filedb_find.part.0’ | <------+ | ‘filedb_add’: event 29 | | 58 | if (filedb_find(head, fname)) | | ^~~~~~~~~~~~~~~~~~~~~~~~ | | | | | (29) returning to ‘filedb_add’ from ‘filedb_find’ | ‘filedb_add’: event 30 | |cc1: | (30): calling ‘filedb_add.part.0’ from ‘filedb_add’ | +--> ‘filedb_add.part.0’: events 31-32 | | 54 | FileDB *filedb_add(FileDB *head, const char *fname) { | | ^~~~~~~~~~ | | | | | (31) entry to ‘filedb_add.part.0’ |...... | 63 | if (!entry) | | ~ | | | | | (32) following ‘false’ branch (when ‘entry’ is non-NULL)... | ‘filedb_add.part.0’: event 33 | |../../src/fbuilder/../include/common.h:42:25: | 42 | #define errExit(msg) do { \ | | ^ | | | | | (33) ...to here ../../src/fbuilder/filedb.c:64:17: note: in expansion of macro ‘errExit’ | 64 | errExit("malloc"); | | ^~~~~~~ | ‘filedb_add.part.0’: events 34-36 | | 66 | entry->fname = strdup(fname); | | ^~~~~~~~~~~~~ | | | | | (34) this call could return NULL | 67 | if (!entry->fname) | | ~ | | | | | (35) assuming ‘strdup(fname)’ is non-NULL | | (36) following ‘false’ branch... | ‘filedb_add.part.0’: event 37 | |../../src/fbuilder/../include/common.h:42:25: | 42 | #define errExit(msg) do { \ | | ^ | | | | | (37) ...to here ../../src/fbuilder/filedb.c:68:17: note: in expansion of macro ‘errExit’ | 68 | errExit("strdup"); | | ^~~~~~~ | <------+ | ‘filedb_add’: event 38 | |cc1: | (38): returning to ‘filedb_add’ from ‘filedb_add.part.0’ | <------+ | ‘filedb_load_whitelist’: events 39-46 | | 103 | while (fgets(buf, MAX_BUF, fp)) { | | ~~~~~ | | | | | (40) following ‘true’ branch... | 104 | if (strncmp(buf, prefix, len) != 0) | | ~~ ~ | | | | | | | (42) following ‘false’ branch... | | (41) ...to here |...... | 107 | char *fn = buf + len; | | ~~~~ | | | | | (43) ...to here | 108 | char *ptr = strchr(buf, '\n'); | 109 | if (!ptr) | | ~ | | | | | (44) following ‘false’ branch (when ‘ptr’ is non-NULL)... | 110 | continue; | 111 | *ptr = '\0'; | | ~ | | | | | (45) ...to here |...... | 114 | head = filedb_add(head, fn); | | ^~~~~~~~~~~~~~~~~~~~ | | | | | (39) returning to ‘filedb_load_whitelist’ from ‘filedb_add’ | | (46) calling ‘filedb_add’ from ‘filedb_load_whitelist’ | +--> ‘filedb_add’: event 47 | | 54 | FileDB *filedb_add(FileDB *head, const char *fname) { | | ^~~~~~~~~~ | | | | | (47) entry to ‘filedb_add’ | ‘filedb_add’: event 48 | | 55 | assert(fname); | | ^~~~~~ | | | | | (48) following ‘true’ branch (when ‘fname’ is non-NULL)... | ‘filedb_add’: events 49-50 | | 58 | if (filedb_find(head, fname)) | | ^~ ~~~~~~~~~~~~~~~~~~~~~~~~ | | | | | | | (50) calling ‘filedb_find’ from ‘filedb_add’ | | (49) ...to here | +--> ‘filedb_find’: event 51 | | 24 | FileDB *filedb_find(FileDB *head, const char *fname) { | | ^~~~~~~~~~~ | | | | | (51) entry to ‘filedb_find’ | ‘filedb_find’: event 52 | | 25 | assert(fname); | | ^~~~~~ | | | | | (52) following ‘true’ branch (when ‘fname’ is non-NULL)... | ‘filedb_find’: event 53 | |cc1: | (53): ...to here | ‘filedb_find’: event 54 | |cc1: | (54): calling ‘filedb_find.part.0’ from ‘filedb_find’ | +--> ‘filedb_find.part.0’: events 55-60 | | 24 | FileDB *filedb_find(FileDB *head, const char *fname) { | | ^~~~~~~~~~~ | | | | | (55) entry to ‘filedb_find.part.0’ |...... | 29 | while (ptr) { | | ~~~ | | | | | (56) following ‘true’ branch (when ‘ptr’ is non-NULL)... |...... | 32 | if (fnmatch(ptr->fname, fname, FNM_PATHNAME) == 0) { | | ~~ ~ | | | | | | | (58) following ‘false’ branch... | | (57) ...to here |...... | 38 | if (strlen(fname) > ptr->len && | | ~~ | | | | | (59) ...to here |...... | 48 | if (found) | | ~ | | | | | (60) following ‘false’ branch (when ‘found == 0’)... | ‘filedb_find.part.0’: event 61 | |cc1: | (61): ...to here | <------+ | ‘filedb_find’: event 62 | |cc1: | (62): returning to ‘filedb_find’ from ‘filedb_find.part.0’ | <------+ | ‘filedb_add’: events 63-64 | | 58 | if (filedb_find(head, fname)) | | ~^~~~~~~~~~~~~~~~~~~~~~~~ | | || | | |(63) returning to ‘filedb_add’ from ‘filedb_find’ | | (64) following ‘false’ branch... | ‘filedb_add’: event 65 | |cc1: | (65): ...to here | ‘filedb_add’: event 66 | |cc1: | (66): calling ‘filedb_add.part.0’ from ‘filedb_add’ | +--> ‘filedb_add.part.0’: events 67-68 | | 54 | FileDB *filedb_add(FileDB *head, const char *fname) { | | ^~~~~~~~~~ | | | | | (67) entry to ‘filedb_add.part.0’ |...... | 63 | if (!entry) | | ~ | | | | | (68) following ‘false’ branch (when ‘entry’ is non-NULL)... | ‘filedb_add.part.0’: event 69 | |../../src/fbuilder/../include/common.h:42:25: | 42 | #define errExit(msg) do { \ | | ^ | | | | | (69) ...to here ../../src/fbuilder/filedb.c:64:17: note: in expansion of macro ‘errExit’ | 64 | errExit("malloc"); | | ^~~~~~~ | ‘filedb_add.part.0’: events 70-71 | | 66 | entry->fname = strdup(fname); | | ^~~~~~~~~~~~~ | | | | | (70) this call could return NULL | 67 | if (!entry->fname) | | ~ | | | | | (71) following ‘false’ branch... | ‘filedb_add.part.0’: event 72 | |../../src/fbuilder/../include/common.h:42:25: | 42 | #define errExit(msg) do { \ | | ^ | | | | | (72) ...to here ../../src/fbuilder/filedb.c:68:17: note: in expansion of macro ‘errExit’ | 68 | errExit("strdup"); | | ^~~~~~~ | ‘filedb_add.part.0’: event 73 | | 69 | entry->len = strlen(entry->fname); | | ^~~~~~~~~~~~~~~~~~~~ | | | | | (73) argument 1 (‘strdup(fname)’) from (70) could be NULL where non-null expected | In file included from ../../src/fbuilder/../include/common.h:31, from ../../src/fbuilder/fbuilder.h:23, from ../../src/fbuilder/filedb.c:21: /usr/include/string.h:407:15: note: argument 1 of ‘strlen’ must be non-null 407 | extern size_t strlen (const char *__s) | ^~~~~~ static ip map: input 5998, output 2490 [...] ``` </details> Full log is available [here](https://gist.github.com/glitsj16/ee0f51720021376aaea3a92e869b861c).

gitea-mirror commented 2026-05-05 09:49:41 -06:00

Author

Owner

Copy link

@kmk3 commented on GitHub (Feb 4, 2024):

Thanks for the heads up.

I get some of the warnings on Artix with:

$ pacman -Q gcc glibc
gcc 13.2.1-4
glibc 2.38-8

What are the versions on the Ubuntu machine?

<!-- gh-comment-id:1925955590 --> @kmk3 commented on GitHub (Feb 4, 2024): Thanks for the heads up. I get some of the warnings on Artix with: ```console $ pacman -Q gcc glibc gcc 13.2.1-4 glibc 2.38-8 ``` What are the versions on the Ubuntu machine?

gitea-mirror commented 2026-05-05 09:49:42 -06:00

Author

Owner

Copy link

@ghost commented on GitHub (Feb 5, 2024):

$ apt-cache policy gcc

gcc:
  Installed: 4:11.2.0-1ubuntu1
  Candidate: 4:11.2.0-1ubuntu1
  Version table:
 *** 4:11.2.0-1ubuntu1 500
        500 http://archive.ubuntu.com/ubuntu jammy/main amd64 Packages
        100 /var/lib/dpkg/status

$ $ apt-cache policy libc6
libc6:
  Installed: 2.35-0ubuntu3.6
  Candidate: 2.35-0ubuntu3.6
  Version table:
 *** 2.35-0ubuntu3.6 500
        500 http://archive.ubuntu.com/ubuntu jammy-updates/main amd64 Packages
        500 http://archive.ubuntu.com/ubuntu jammy-security/main amd64 Packages
        100 /var/lib/dpkg/status
     2.35-0ubuntu3 500
        500 http://archive.ubuntu.com/ubuntu jammy/main amd64 Packages

<!-- gh-comment-id:1926405374 --> @ghost commented on GitHub (Feb 5, 2024): ```console $ apt-cache policy gcc gcc: Installed: 4:11.2.0-1ubuntu1 Candidate: 4:11.2.0-1ubuntu1 Version table: *** 4:11.2.0-1ubuntu1 500 500 http://archive.ubuntu.com/ubuntu jammy/main amd64 Packages 100 /var/lib/dpkg/status ``` ```console $ $ apt-cache policy libc6 libc6: Installed: 2.35-0ubuntu3.6 Candidate: 2.35-0ubuntu3.6 Version table: *** 2.35-0ubuntu3.6 500 500 http://archive.ubuntu.com/ubuntu jammy-updates/main amd64 Packages 500 http://archive.ubuntu.com/ubuntu jammy-security/main amd64 Packages 100 /var/lib/dpkg/status 2.35-0ubuntu3 500 500 http://archive.ubuntu.com/ubuntu jammy/main amd64 Packages ```

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

master

serialize_remounts_v2

landlock_v4

landlock

release-0.9.64

release-0.9.62

gitlab_ci

LTSbase

fred_ctests

docs

0.9.80

0.9.80-rc1

0.9.78

0.9.76

0.9.76-rc4

0.9.76-rc3

0.9.76-rc2

0.9.76-rc1

0.9.74

landlock-split

0.9.72

0.9.72rc1

0.9.70

0.9.68

0.9.68rc1

0.9.66

0.9.66rc1

0.9.64.4

0.9.64.2

0.9.64

0.9.64rc1

0.9.62.4

0.9.62.2

0.9.62

0.9.56.2-LTS

0.9.60

0.9.60-rc1

0.9.58.2

0.9.58

0.9.58-rc1

0.9.56-LTS-release

0.9.56-LTS

0.9.56

0.9.56-rc1

0.9.54

0.9.54-rc2

0.9.54-rc1

0.9.52

0.9.38.12

0.9.50

0.9.50-rc1

0.9.48

0.9.46

0.9.46-rc1

0.9.44.10

0.9.44.8

0.9.44.6

0.9.38.10

0.9.44.4

0.9.38.8

0.9.44.2

0.9.44

0.9.44-rc1

0.9.38.4

0.9.42

0.9.42-rc2

0.9.38.2

0.9.42-rc1

disable-globalcfg

0.9.40

0.9.40-rc1

0.9.38

0.9.38-rc1

0.9.36

0.9.36-rc1

0.9.34

0.9.34-rc1

0.9.32

0.9.32-rc1

0.9.30

0.9.30-rc1

Labels

Clear labels   

LTS merge

  

LTS merge

  

bug

  

bug

  

converted-to-discussion

  

doc-todo

  

documentation

  

duplicate

  

enhancement

  

file-transfer

  

firecfg

  

firejail-in-firejail

  

firetools

  

graphics

  

help wanted

  

information_old

  

installation

  

invalid

  

modif

  

moved

  

needinfo

  

networking

  

notabug

  

notourbug

  

old-version

  

overlayfs

  

packaging

  

profile-request

  

pull-request

Mirrored from GitHub Pull Request

  

question

  

question_old

  

removal

  

runtime-permissions

  

sandbox-ipc

  

security

  

stale

  

wiki

  

wiki

  

wontfix

  

wordpress

  

workaround

No labels

LTS merge

LTS merge

bug

bug

converted-to-discussion

doc-todo

documentation

duplicate

enhancement

file-transfer

firecfg

firejail-in-firejail

firetools

graphics

help wanted

information_old

installation

invalid

modif

moved

needinfo

networking

notabug

notourbug

old-version

overlayfs

packaging

profile-request

pull-request

question

question_old

removal

runtime-permissions

sandbox-ipc

security

stale

wiki

wiki

wontfix

wordpress

workaround

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/firejail#3215

No description provided.