From 782c8c908fbc4e2bac1ee0ed7ef56b15a969a042 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Bernhard=20Rosenkr=C3=A4nzer?=
<bernhard.rosenkraenzer.ext@huawei.com>
Date: Thu, 2 Sep 2021 20:32:49 +0200
Subject: [PATCH] mesa: Remove -Werror=array-bounds and
-Werror=format-nonliteral from compiler flags
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
mesa has a code path that could theoretically trigger an overrun;
however, this only happens if an internal (declared static) function
is called with incorrect parameters. This doesn't seem to be
exploitable.
There's also a harmless format-nonliteral warning.
Removing -Werror=array-bounds and -Werror=format-nonliteral here allows
us to use these flags globally in OPTIMIZE_FOR=security mode.
Signed-off-by: Bernhard Rosenkränzer <bernhard.rosenkraenzer.ext@huawei.com>
---
.../recipes-graphics/mesa/mesa_%.bbappend | 27 +++++++++++++++++++
1 file changed, 27 insertions(+)
create mode 100644 meta-ohos-core/recipes-graphics/mesa/mesa_%.bbappend
diff --git a/meta-ohos-core/recipes-graphics/mesa/mesa_%.bbappend b/meta-ohos-core/recipes-graphics/mesa/mesa_%.bbappend
new file mode 100644
index 00000000..dbb6ed71
--- /dev/null
+++ b/meta-ohos-core/recipes-graphics/mesa/mesa_%.bbappend
@@ -0,0 +1,27 @@
+# SPDX-FileCopyrightText: Huawei Inc.
+# SPDX-License-Identifier: Apache-2.0
+
+# Building mesa with -Warray-bounds results in a suspicious warning:
+#
+# src/intel/compiler/brw_eu_emit.c: In function 'brw_set_dest':
+# src/intel/compiler/brw_inst.h:1311:34: error: array subscript 67108863 is above array bounds of 'uint64_t[2]' {aka 'long unsigned int[2]'} [-Werror=array-bounds]
+# 1311 | inst->data[word] = (inst->data[word] & ~mask) | (value << low);
+# | ~~~~~~~~~~^~~~~~
+# ../mesa-20.0.2/src/intel/compiler/brw_inst.h:47:13: note: while referencing 'data'
+# 47 | uint64_t data[2];
+# | ^~~~
+#
+# This warning, however, is harmless as long as the function it refers to is
+# called with correct parameters.
+# The value of word depends on a parameter and can theoretically go all the
+# way to 0x3ffffff, but if the function is used correctly, can not actually
+# exceed 2.
+#
+# Similarly, code in m_vector.c triggers a format-nonliteral warning, but it
+# can only be run on a safe, hardcoded string.
+
+# Removing -Werror=array-bounds and -Werror=format-nonliteral here allows us to
+# use these flags globally in OPTIMIZE_FOR=security mode while keeping
+# mesa building.
+
+TARGET_CFLAGS_remove = "-Werror=array-bounds -Wformat-nonliteral -Werror=format-nonliteral"
--
GitLab