Binskim reporting /Qspectre switch not enabled for libxml2-2.11.1 static library even after switch is added #907
Comments
|
Want to clear the confusion, below is not related fix, it just happened that the pr was created about the same time and id conflict: shaopeng-gh added a commit that referenced this issue 2 days ago * NEW: BinSkim will now log warning `OneOrMoreSymbolServersProvidedIn… … |
|
hi @nachogule do you have any updates on this issue? I am seeing something similar |
|
Generate libxml2 lib with debug symbols to fix /Qspectre binskim bugs
libxml2-2.11.1/win32/Makefile.msvc
…----------------------------8<-------------------------------------------------------------------------------------------
# The preprocessor and its options.
CPP = cl.exe /EP
CPPFLAGS = /Qspectre /nologo /I$(XML_SRCDIR)\include /D "NOLIBTOOL"
!if "$(WITH_THREADS)" != "no"
CPPFLAGS = $(CPPFLAGS) /D "_REENTRANT"
!endif
# The compiler and its options.
CC = cl.exe
CFLAGS = /Qspectre /nologo /D "_WINDOWS" /D "_MBCS" /D "NOLIBTOOL" /W3
/wd4244 /wd4267 $(CRUNTIME)
----------------------------8<-------------------------------------------------------------------------------------------
On Thu, Apr 18, 2024 at 11:02 PM asvadive ***@***.***> wrote:
hi @nachogule <https://github.com/nachogule> do you have any updates on
this issue? I am seeing something similar
—
Reply to this email directly, view it on GitHub
<#907 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AIMORUF7HGOQQGOEFJX7IJDY577SNAVCNFSM6AAAAAAYLY42QSVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDANRUGY3TKMZZGA>
.
You are receiving this because you were mentioned.Message ID:
***@***.***>
|
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
I am running binskim 1.9.5 for my application that statically link to libxml2-2.11.1(https://download.gnome.org/sources/libxml2/2.11/) and complaining about /Qspectre switch not enabled.
To fix this I added /Qspectre switch in below two files in "CFLAGS" variable as below,
libxml2-2.11.1\win32\Makefile
libxml2-2.11.1\win32\Makefile.msvc
CFLAGS = /nologo /D "_WINDOWS" /D "_MBCS" /D "NOLIBTOOL" /W3 /wd4244 /wd4267 /Qspectre $(CRUNTIME)
I am running below command sequence for building libxml2-2.11.1 on Windows,
"C:\Program Files (x86)\Microsoft Visual Studio\2019\Enterprise\VC\Auxiliary\Build\vcvars32.bat" -vcvars_ver=14.2 -vcvars_spectre_libs=spectre
cscript configure.js iconv=no static=yes prefix=.\build\release cruntime=/MT debug=no schematron=no incdir=.\include libdir=.\lib\release\static sodir=.\lib\release\shared
nmake -f Makefile.msvc
I can see /Qspectre switch is present in compilation options when I compile libxml2-2.11.1 library on Windows,
cl.exe /nologo /D "_WINDOWS" /D "_MBCS" /D "NOLIBTOOL" /W3 /wd4244 /wd4267 /Qspectre /MT /I.. /I..\include /I.\include /D "_REENTRANT" /D_CRT_SECURE_NO_DEPRECATE /D_CRT_NONSTDC_NO_DEPRECATE /D "NDEBUG" /O2 /Foint.msvc\ /c ..\buf.c ..\c14n.c ..\catalog.c ..\chvalid.c ..\debugXML.c ..\dict.c ..\encoding.c ..\entities.c ..\error.c ..\globals.c ..\hash.c ..\HTMLparser.c ..\HTMLtree.c ..\legacy.c ..\list.c ..\nanoftp.c ..\nanohttp.c ..\parser.c ..\parserInternals.c ..\pattern.c ..\relaxng.c ..\SAX2.c ..\SAX.c ..\schematron.c ..\threads.c ..\tree.c ..\uri.c ..\valid.c ..\xinclude.c ..\xlink.c ..\xmlIO.c ..\xmlmemory.c ..\xmlreader.c ..\xmlregexp.c ..\xmlmodule.c ..\xmlsave.c ..\xmlschemas.c ..\xmlschemastypes.c ..\xmlunicode.c ..\xmlwriter.c ..\xpath.c ..\xpointer.c ..\xmlstring.c
But still after analyzing application binary with binskim I get following warning,
"The following modules were compiled with a toolset that supports /Qspectre but the switch was not enabled on the command-line:\r\nlibxml2_a.lib,c,19.29.30148.0 (buf.obj,catalog.obj,chvalid.obj,debugXML.obj,dict.obj,encoding.obj,entities.obj,error.obj,globals.obj,hash.obj,HTMLparser.obj,HTMLtree.obj,list.obj,nanoftp.obj,nanohttp.obj,parser.obj,parserInternals.obj,pattern.obj,relaxng.obj,SAX.obj,SAX2.obj,threads.obj,tree.obj,uri.obj,valid.obj,xinclude.obj,xmlIO.obj,xmlmemory.obj,xmlreader.obj,xmlregexp.obj,xmlsave.obj,xmlschemas.obj,xmlschemastypes.obj,xmlstring.obj,xmlunicode.obj,xpath.obj,xpointer.obj)\r\n\r\n"
Please help here to understand what is missing here and why /Qspectre switch is not effective for libxml2-2.11.1
The text was updated successfully, but these errors were encountered: