Package Details: makedepf90 2.8.9-1

Git Clone URL: https://aur.archlinux.org/makedepf90.git (read-only, click to copy)
Package Base: makedepf90
Description: Fortran dependency generation tool
Upstream URL: https://github.com/amckinstry/makedepf90
Licenses: GPL2
Provides: makedepf90
Submitter: mrsyellow
Maintainer: mrsyellow
Last Packager: mrsyellow
Votes: 1
Popularity: 0.000000
First Submitted: 2018-12-14 19:32 (UTC)
Last Updated: 2018-12-15 21:01 (UTC)

Dependencies (1)

Required by (0)

Sources (1)

Latest Comments

newsboost commented on 2022-02-15 13:11 (UTC) (edited on 2022-02-15 13:47 (UTC) by newsboost)

I had some problems since yesterday after a full update on my system with makedepf90. I think I've either completely found the issue or am very close. The problem is that when I used makedepf90 on some code, it seemed stuck in an infinite loop. It took a while until I figured out that manually compiling the binary works - but it doesn't work from the package manager. I've tracked down these differences:

* With package manager:
$ gcc -o makedepf90 -D_FORTIFY_SOURCE=2 -DVERSION=\"2.8.9\" -march=x86-64 -mtune=generic -O2 -pipe -fno-plt errormesg.o list.o macro.o main.o modfile_name.o utils.o xmalloc.o find_dep.o lexer.o

* When compiling myself:
$ gcc -o makedepf90 -DVERSION=\"2.8.9\" -g -O2 errormesg.o list.o macro.o main.o modfile_name.o utils.o xmalloc.o find_dep.o lexer.o

So the difference is:
* package manager: -D_FORTIFY_SOURCE=2
* me:              -march=x86-64 -mtune=generic -g

...which can probably at least partly be explained by entries in my makepkg.conf:

❯ grep -Pin '(fortify|march|mtune)' /etc/makepkg.conf
39:CPPFLAGS="-D_FORTIFY_SOURCE=2"
40:CFLAGS="-march=x86-64 -mtune=generic -O2 -pipe -fno-plt"
41:CXXFLAGS="-march=x86-64 -mtune=generic -O2 -pipe -fno-plt"

I read a bit up on the D_FORTIFY_SOURCE option and found this explanation: "When using the FORTIFY_SOURCE option, the compiler will insert code to call "safer" variants of unsafe functions if the compiler can deduce the destination buffer size. The unsafe functions include memcpy, mempcpy, memmove, memset, stpcpy, strcpy, strncpy..... etc. The option can be turned off with -D_FORTIFY_SOURCE=0 or -U_FORTIFY_SOURCE. However, its usually not appropriate to disable FORTIFY_SOURCE in production software."

My conclusion: I think this problem is upstream and uses unsafe code/calls. These calls should NOT be attempted to be replaced by "safer" variants, as it results in something that looks like an infinite loop. I therefore think the package maintainer should consider updating the PKGBUILD so it compiles with the flag "-D_FORTIFY_SOURCE=0" (or =1) - at least, if other people report the same issue as here. I hope this comment helps somebody else and saves a bit of pain!

meatbug commented on 2019-02-11 08:49 (UTC)

Thanks for providing this package!