Source: sparse
Version: 0.6.4-4
Severity: wishlist

Dear Maintainer,

When building sparse in Ubuntu I have encountered a number of test failures due
to the buffer overflow:

  TEST vla-sizeof var X var (vla-sizeof4.c)
        Using command : test-linearize -Wvla $file
        Expecting exit value: 0
error: actual error text does not match expected error text.
error: see vla-sizeof4.c.error.* for further investigation.
--- vla-sizeof4.c.error.expected 2024-02-27 12:26:33.627119178 +1300
+++ vla-sizeof4.c.error.got 2024-02-27 12:26:33.627119178 +1300
@@ -1,2 +1,4 @@
 vla-sizeof4.c:6:16: warning: Variable length array is used.
 vla-sizeof4.c:6:13: warning: Variable length array is used.
+*** buffer overflow detected ***: terminated
+Aborted (core dumped)

Would it be possible to consider the attached patch if this problem appears in
Debian due to the gcc defaults change?


-- System Information:
Debian Release: trixie/sid
  APT prefers mantic-updates
  APT policy: (500, 'mantic-updates'), (500, 'mantic-security'), (500, 'mantic'), (100, 'mantic-backports')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 6.5.0-21-generic (SMP w/32 CPU threads; PREEMPT)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
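The failure mode the report and the attached commit message describe, as an added example that is not part of the report, the patch, or sparse's own code: a hypothetical `checked_snprintf` that returns a result code at the point where glibc's fortified snprintf wrapper would abort, applied to the original literal bound of 64 beside a `sizeof`-derived bound, plus a check that the worst-case label length actually fits. The 16-byte buffer and the `.L%u` format are taken from the commit message; the function and enum names are assumptions for this illustration.

```c
/*
 * Added example (not sparse's code): why snprintf(buf, 64, ...) into a
 * 16-byte buffer trips _FORTIFY_SOURCE even though the formatted label
 * is short, and how a sizeof()-derived bound avoids this class of bug.
 * Build: cc -std=c99 -Wall fortify_demo.c
 */
#include <limits.h>
#include <stdarg.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Outcome of a bounds-checked snprintf, mirroring the decision glibc's
 * __snprintf_chk makes (glibc aborts instead of returning a code). */
enum chk_result { CHK_OK = 0, CHK_BOUND_EXCEEDS_OBJECT = 1 };

/* Hypothetical stand-in for __snprintf_chk. The caller passes the bound it
 * handed to snprintf *and* the real size of the destination object (which
 * the compiler supplies via __builtin_object_size under FORTIFY). The check
 * is on the declared bound, not on the length of the formatted output. */
static enum chk_result checked_snprintf(char *dst, size_t objsize, size_t bound,
                                        const char *fmt, ...)
{
    va_list ap;
    if (bound > objsize)
        return CHK_BOUND_EXCEEDS_OBJECT;   /* glibc would abort here */
    va_start(ap, fmt);
    vsnprintf(dst, bound, fmt, ap);
    va_end(ap);
    return CHK_OK;
}

/* The pattern the report hit: a 16-byte buffer with a literal bound of 64. */
static enum chk_result show_label_unfixed(unsigned nr, const char **out)
{
    static char buf[16];
    enum chk_result r = checked_snprintf(buf, sizeof(buf), 64, ".L%u", nr);
    *out = buf;
    return r;
}

/* Hardened form: derive the bound from the object so they cannot diverge. */
static enum chk_result show_label_fixed(unsigned nr, const char **out)
{
    static char buf[16];
    enum chk_result r = checked_snprintf(buf, sizeof(buf), sizeof(buf), ".L%u", nr);
    *out = buf;
    return r;
}

/* Worst-case length of ".L%u" including the NUL, so the 16-byte buffer is
 * shown to be sufficient rather than assumed: ".L" + digits of UINT_MAX + '\0'. */
static size_t max_label_len(void)
{
    return (size_t)snprintf(NULL, 0, ".L%u", UINT_MAX) + 1;
}

int main(void)
{
    const char *s;
    printf("unfixed: %s\n",
           show_label_unfixed(7, &s) == CHK_OK ? s : "FORTIFY would abort");
    show_label_fixed(7, &s);
    printf("fixed:   %s\n", s);
    printf("max label length incl. NUL: %zu (buffer is 16)\n", max_label_len());
    return 0;
}
```

The point the unfixed path makes is that the abort does not depend on the label's length: the fortified wrapper rejects the call because 64 exceeds the 16-byte object, so a bound that "could never be reached" is still a bug. Deriving the bound from `sizeof(buf)` removes the second number that has to be kept in sync.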

Description: linearize.c: fix buffer overrun warning from fortify
 The resulting string from snprintf won't be nearly 64 bytes, but "buf"
 is only 16 bytes long here. This causes FORTIFY_SOURCE to complain when
 given the right options.
Author: Jeff Layton <jlay...@kernel.org>
Origin: upstream, https://git.kernel.org/pub/scm/devel/sparse/sparse.git/patch/?id=adceff0ab6e3d8bf43de52e2c2fbebf27db30deb
Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/sparse/+bug/2055113
Forwarded: not-needed
Applied-Upstream: commit, adceff0ab6e3d8bf43de52e2c2fbebf27db30deb
Last-Update: 2024-02-27
diff --git a/linearize.c b/linearize.c
index d9aed61b..1db2d505 100644
--- a/linearize.c
+++ b/linearize.c
@@ -91,7 +91,7 @@ const char *show_label(struct basic_block *bb)

        if (!bb)
                return ".L???";
-       snprintf(buf, 64, ".L%u", bb->nr);
+       snprintf(buf, 16, ".L%u", bb->nr);
        return buf;
 }

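Review bot: the bound on the `+` line is still a hard-coded literal, and the hunk does not show the declaration of `buf`, so nothing in the change ties 16 to the array's actual size; use the object size directly so the two cannot drift apart again: `snprintf(buf, sizeof(buf), ".L%u", bb->nr);`. A sentence in the commit message would also help the next reader: FORTIFY trips because the declared bound (64) exceeds the 16-byte object, not because the formatted label is long, and ".L" plus the digits of the unsigned value printed with %u plus the NUL is at most 13 bytes, so 16 is sufficient.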