This is the mail archive of the elfutils-devel@sourceware.org mailing list for the elfutils project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Re: [PATCH] ar: Check whether ar header values fit.

From: Mark Wielaard <mark at klomp dot org>
To: elfutils-devel at sourceware dot org
Cc: Matthias Klose <doko at ubuntu dot com>
Date: Wed, 20 Sep 2017 20:46:02 +0200
Subject: Re: [PATCH] ar: Check whether ar header values fit.
Authentication-results: sourceware.org; auth=none
References: <1505474076-16062-1-git-send-email-mark@klomp.org>

On Fri, 2017-09-15 at 13:14 +0200, Mark Wielaard wrote:
> When compiling with -O3 gcc finds an interesting error:
> 
> src/ar.c: In function ‘do_oper_insert’:
> src/ar.c:1077:56: error: ‘%-*ld’ directive output may be truncated
> writing between 6 and 10 bytes into a region of size 7 [-
> Werror=format-truncation=]
>    snprintf (tmpbuf, sizeof (tmpbuf), ofmt ? "%-*lo" : "%-*ld",
> bufsize, val);
>                                                         ^~~~~
> The problem is that the ar header values have to fit in a limited
> (not zero terminated) string. We should check the snprintf return
> value to see if the values are representable.
> 
> Also make ar valgrind and ubsan clean and add a minimal sanity test.

I pushed this to master.

References:
- [PATCH] ar: Check whether ar header values fit.
  - From: Mark Wielaard

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]