From 80aa6479d0057222eadb9a01a6fde08f4a9f10c7 Mon Sep 17 00:00:00 2001 From: Simon Ruderich Date: Sat, 9 Oct 2021 11:17:59 +0200 Subject: [PATCH] Strip (basic) environment variables before compiler detection --- NEWS | 2 ++ bin/blhc | 22 +++++++++++++++++++++- t/logs/env | 1 + t/tests.t | 2 +- 4 files changed, 25 insertions(+), 2 deletions(-) diff --git a/NEWS b/NEWS index 2ff7055..1d87d13 100644 --- a/NEWS +++ b/NEWS @@ -13,6 +13,8 @@ Version 0.XX (Debian Bug #994154). - Properly handle quoted flags; reported by Olek Wojnar (see Debian Bug #975650 message 45). +- Strip (basic) environment variables before compiler detection to reduce + false positives; reported by Fabian Wolff (Debian Bug #975650) Version 0.12 diff --git a/bin/blhc b/bin/blhc index 2f8da5f..0c9360b 100755 --- a/bin/blhc +++ b/bin/blhc @@ -1022,9 +1022,29 @@ foreach my $file (@ARGV) { $complete_line = undef; } + my $noenv = $line; + # Strip (basic) environment variables for compiler detection. This + # prevents false positives when environment variables contain + # compiler binaries. Nested quotes, command substitution, etc. is + # not supported. + $noenv =~ s/^ + \s* + (?: + [a-zA-Z_]+ # environment variable name + = + (?: + [^\s"'\$`\\]+ # non-quoted string + | + '[^"'\$`\\]*' # single-quoted string + | + "[^"'\$`\\]*" # double-quoted string + ) + \s+ + )* + //x; # Ignore lines with no compiler commands. next if not $non_verbose - and not $line =~ /$cc_regex_normal/o; + and not $noenv =~ /$cc_regex_normal/o; # Ignore lines with no filenames with extensions. May miss some # non-verbose builds (e.g. "gcc -o test" [sic!]), but shouldn't be # a problem as the log will most likely contain other non-verbose diff --git a/t/logs/env b/t/logs/env index 6b2a908..990766c 100644 --- a/t/logs/env +++ b/t/logs/env @@ -1,3 +1,4 @@ dpkg-buildpackage: source package test VERSION=v-amd64-linux CPP="gcc -x assembler-with-cpp -E -P -Wdate-time -D_FORTIFY_SOURCE=2" CPPFLAGS="-Wdate-time -D_FORTIFY_SOURCE=2" ../../config/gen-posix-names.sh _SC_ ml_sysconf.h +VERSION="`echo hi`" CPP="gcc -x assembler-with-cpp -E -P -Wdate-time -D_FORTIFY_SOURCE=2" CPPFLAGS="-Wdate-time -D_FORTIFY_SOURCE=2" ../../config/gen-posix-names.sh _SC_ ml_sysconf.h diff --git a/t/tests.t b/t/tests.t index b4c0352..595c34e 100644 --- a/t/tests.t +++ b/t/tests.t @@ -634,7 +634,7 @@ LDFLAGS missing (-fPIE -pie -Wl,-z,relro -Wl,-z,now): gcc -g -O2 -fstack-protect '; is_blhc 'env', '--all', 8, - 'CPPFLAGS missing (-D_FORTIFY_SOURCE=2): VERSION=v-amd64-linux CPP="gcc -x assembler-with-cpp -E -P -Wdate-time -D_FORTIFY_SOURCE=2" CPPFLAGS="-Wdate-time -D_FORTIFY_SOURCE=2" ../../config/gen-posix-names.sh _SC_ ml_sysconf.h + 'CPPFLAGS missing (-D_FORTIFY_SOURCE=2): VERSION="`echo hi`" CPP="gcc -x assembler-with-cpp -E -P -Wdate-time -D_FORTIFY_SOURCE=2" CPPFLAGS="-Wdate-time -D_FORTIFY_SOURCE=2" ../../config/gen-posix-names.sh _SC_ ml_sysconf.h '; -- 2.45.2