Source: sparse
Version: 0.6.4-4
Severity: wishlist

Dear Maintainer,
When building sparse in Ubuntu I have encountered a number of test failures due to the buffer overflow:

     TEST vla-sizeof var X var (vla-sizeof4.c)
Using command       : test-linearize -Wvla $file
Expecting exit value: 0
error: actual error text does not match expected error text.
error: see vla-sizeof4.c.error.* for further investigation.
--- vla-sizeof4.c.error.expected	2024-02-27 12:26:33.627119178 +1300
+++ vla-sizeof4.c.error.got	2024-02-27 12:26:33.627119178 +1300
@@ -1,2 +1,4 @@
 vla-sizeof4.c:6:16: warning: Variable length array is used.
 vla-sizeof4.c:6:13: warning: Variable length array is used.
+*** buffer overflow detected ***: terminated
+Aborted (core dumped)

Would it be possible to consider the attached patch if this problem appears in Debian due to the gcc defaults change?

-- System Information:
Debian Release: trixie/sid
  APT prefers mantic-updates
  APT policy: (500, 'mantic-updates'), (500, 'mantic-security'), (500, 'mantic'), (100, 'mantic-backports')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 6.5.0-21-generic (SMP w/32 CPU threads; PREEMPT)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Description: linearize.c: fix buffer overrun warning from fortify
 The resulting string from snprintf won't be nearly 64 bytes, but "buf" is
 only 16 bytes long here. This causes FORTIFY_SOURCE to complain when given
 the right options.
Author: Jeff Layton <jlay...@kernel.org>
Origin: upstream, https://git.kernel.org/pub/scm/devel/sparse/sparse.git/patch/?id=adceff0ab6e3d8bf43de52e2c2fbebf27db30deb
Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/sparse/+bug/2055113
Forwarded: not-needed
Applied-Upstream: commit, adceff0ab6e3d8bf43de52e2c2fbebf27db30deb
Last-Update: 2024-02-27

diff --git a/linearize.c b/linearize.c
index d9aed61b..1db2d505 100644
--- a/linearize.c
+++ b/linearize.c
@@ -91,7 +91,7 @@ const char *show_label(struct basic_block *bb) if (!bb) return ".L???"; - snprintf(buf, 64, ".L%u", bb->nr); + snprintf(buf, 16, ".L%u", bb->nr); return buf; }
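Review bot: the `+` line replaces one hard-coded bound with another, so the size argument can drift from the declaration of `buf` again, and that declaration is not in this hunk. If `buf` is declared as a 16-byte array, `snprintf(buf, sizeof(buf), ".L%u", bb->nr);` is the better form; if it is a pointer into a larger buffer, a named constant shared with that declaration, since `sizeof` on a pointer would silently yield the pointer size. The fix itself is sound: with FORTIFY_SOURCE, `__snprintf_chk` aborts when the size argument (64) exceeds the known object size (16) even though the formatted output never comes close, and `".L%u"` with a 32-bit unsigned needs at most 13 bytes including the terminator, so 16 is enough.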
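The check the reporter's build tripped over compares the size argument passed to snprintf with the compile-time size of the destination object, not with what the format string actually produces. The following C example is added here and is not sparse's code: `chk_snprintf` reproduces that comparison in plain C so it can be run without `-D_FORTIFY_SOURCE`, reporting -1 where glibc would abort, and `label_buf`, `label_before`, `label_after` and `label_worst_case_len` are names constructed for illustration. It contrasts the pre-patch call (bound 64 for a 16-byte buffer) with the patched shape, written with `sizeof` so the bound cannot drift from the declaration, and shows the worst case the 16-byte buffer must hold.

```c
#include <limits.h>
#include <stdarg.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Mirror of the glibc __snprintf_chk check behind the
 * "*** buffer overflow detected ***" abort: if the caller's size argument
 * exceeds the object size the compiler knows for the destination, the call
 * is rejected before any formatting happens, however short the output would
 * be.  This illustrative version returns -1 instead of calling __chk_fail(). */
static int chk_snprintf(char *dst, size_t dst_objsize, size_t maxlen,
                        const char *fmt, ...)
{
    if (maxlen > dst_objsize)
        return -1;

    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(dst, maxlen, fmt, ap);
    va_end(ap);
    return n;
}

/* Label buffer sized like the one in the patch: 16 bytes (constructed). */
static char label_buf[16];

/* Pre-patch shape: a bound of 64 passed for a 16-byte buffer.
 * The fortify-style check refuses the call even for a 3-byte label. */
int label_before(unsigned nr)
{
    return chk_snprintf(label_buf, sizeof label_buf, 64, ".L%u", nr);
}

/* Patched shape, using sizeof so the bound tracks the declaration instead
 * of repeating the literal 16.  Returns the formatted length. */
int label_after(unsigned nr)
{
    return chk_snprintf(label_buf, sizeof label_buf, sizeof label_buf,
                        ".L%u", nr);
}

/* Largest label the buffer must hold: ".L" followed by UINT_MAX.
 * With a 32-bit unsigned that is ".L4294967295", 12 characters plus the
 * terminator, comfortably inside 16 bytes. */
int label_worst_case_len(void)
{
    return label_after(UINT_MAX);
}

/* Accessor so callers can inspect the last formatted label. */
const char *label_text(void)
{
    return label_buf;
}
```

Running `label_before(7)` yields -1 (the fortify-style check fires regardless of the tiny output), while `label_after(7)` writes ".L7" and returns 3; `label_worst_case_len()` returns 12, which is why a 16-byte buffer was always sufficient and only the mismatched size argument needed fixing.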