[ 
https://issues.apache.org/jira/browse/DISPATCH-1262?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16759884#comment-16759884
 ] 

ASF subversion and git services commented on DISPATCH-1262:
-----------------------------------------------------------

Commit ca7d3461462f1ca749046a544e6bc0294164a1b1 in qpid-dispatch's branch 
refs/heads/master from Jiri Danek
[ https://gitbox.apache.org/repos/asf?p=qpid-dispatch.git;h=ca7d346 ]

DISPATCH-1262: fix GCC 8.2 format-truncation error in router/src/main.c

Gcc warns because `getcwd` on Linux may allocate and return new buffer,
so don't ignore the returned value. And cur_path may in theory be null
going in if previous `calloc` failed.

It is unlikely we would end up with cur_path = NULL as parameter to `%s`
in a formatting string later below, but it is possible, given very
careful timing and sufficiently malicious user, I think.

Change is made to silence GCC warning, so that ``-fsanitize=undefined` compiles.

This closes #448.


> GCC 8.2 format-truncation error in router/src/main.c
> ----------------------------------------------------
>
>                 Key: DISPATCH-1262
>                 URL: https://issues.apache.org/jira/browse/DISPATCH-1262
>             Project: Qpid Dispatch
>          Issue Type: Bug
>    Affects Versions: Backlog
>         Environment: Fedora 29 or anything with GCC 8.2, when the mentioned 
> flags are used.
>            Reporter: Jiri Daněk
>            Priority: Major
>
> When {{-DUSE_SANITIZERS=ON}}, this (in RelWithDebug build) results in 
> {{-fsanitize=undefined -O2}} options being passed to GCC (as well as others, 
> but these seem relevant).
> GCC then fails the compilation
> {code}
> [ 98%] Building C object router/CMakeFiles/qdrouterd.dir/src/main.c.o
> cd /home/jdanek/Work/repos/qpid-dispatch/cmake-build-relwithdebinfo/router && 
> /nix/store/wxq0gf50466p7aiddmiiwlxm1cs6mhbn-gcc-wrapper-8.2.0/bin/cc  
> -I/home/jdanek/Work/repos/qpid-dispatch/include 
> -I/home/jdanek/Work/repos/qpid-dispatch/cmake-build-relwithdebinfo/include 
> -I/home/jdanek/Work/repos/qpid-proton/build/install/include 
> -I/nix/store/l95nkqp7bdimqnz9ixay1aahljzsz7vc-python-2.7.15/include/python2.7 
> -I/home/jdanek/Work/repos/qpid-dispatch/cmake-build-relwithdebinfo/router  
> -fsanitize=address -fsanitize=leak -fsanitize=undefined -O2 -g -DNDEBUG   -g 
> -fno-omit-frame-pointer -Werror -Wall -Wpedantic -std=gnu99 -pthread -o 
> CMakeFiles/qdrouterd.dir/src/main.c.o   -c 
> /home/jdanek/Work/repos/qpid-dispatch/router/src/main.c
> {code}
> {code}
> /home/jdanek/Work/repos/qpid-dispatch/router/src/main.c: In function 
> ‘daemon_process’:
> /home/jdanek/Work/repos/qpid-dispatch/router/src/main.c:209:58: error: ‘%s’ 
> directive argument is null [-Werror=format-truncation=]
>                      snprintf(config_path_full, cpf_len, "%s%s%s",
>                                                           ^~
> cc1: all warnings being treated as errors
> {code}
> I believe that GCC should much improve diagnostic messages, if it intends to 
> search for dataflows like this, because the error does not give context.
> It is IMO legit, just super unlikely thing to happen, though.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@qpid.apache.org
For additional commands, e-mail: dev-h...@qpid.apache.org

Reply via email to