This is the mail archive of the
elfutils-devel@sourceware.org
mailing list for the elfutils project.
Re: [PATCH] ar: Check whether ar header values fit.
- From: Mark Wielaard <mark at klomp dot org>
- To: elfutils-devel at sourceware dot org
- Cc: Matthias Klose <doko at ubuntu dot com>
- Date: Wed, 20 Sep 2017 20:46:02 +0200
- Subject: Re: [PATCH] ar: Check whether ar header values fit.
- Authentication-results: sourceware.org; auth=none
- References: <1505474076-16062-1-git-send-email-mark@klomp.org>
On Fri, 2017-09-15 at 13:14 +0200, Mark Wielaard wrote:
> When compiling with -O3 gcc finds an interesting error:
>
> src/ar.c: In function ‘do_oper_insert’:
> src/ar.c:1077:56: error: ‘%-*ld’ directive output may be truncated
> writing between 6 and 10 bytes into a region of size 7 [-
> Werror=format-truncation=]
> snprintf (tmpbuf, sizeof (tmpbuf), ofmt ? "%-*lo" : "%-*ld",
> bufsize, val);
> ^~~~~
> The problem is that the ar header values have to fit in a limited
> (not zero terminated) string. We should check the snprintf return
> value to see if the values are representable.
>
> Also make ar valgrind and ubsan clean and add a minimal sanity test.
I pushed this to master.