[
https://issues.apache.org/jira/browse/DISPATCH-1262?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16759884#comment-16759884
]
ASF subversion and git services commented on DISPATCH-1262:
-----------------------------------------------------------
Commit ca7d3461462f1ca749046a544e6bc0294164a1b1 in qpid-dispatch's branch
refs/heads/master from Jiri Danek
[ https://gitbox.apache.org/repos/asf?p=qpid-dispatch.git;h=ca7d346 ]
DISPATCH-1262: fix GCC 8.2 format-truncation error in router/src/main.c
GCC warns because `getcwd` on Linux may allocate and return a new buffer,
so don't ignore the returned value. And cur_path may in theory be null
going in if the previous `calloc` failed.
It is unlikely we would end up with cur_path = NULL as parameter to `%s`
in a formatting string later below, but it is possible, given very
careful timing and a sufficiently malicious user, I think.
Change is made to silence the GCC warning, so that `-fsanitize=undefined` compiles.
This closes #448.
> GCC 8.2 format-truncation error in router/src/main.c
> ----------------------------------------------------
>
> Key: DISPATCH-1262
> URL: https://issues.apache.org/jira/browse/DISPATCH-1262
> Project: Qpid Dispatch
> Issue Type: Bug
> Affects Versions: Backlog
> Environment: Fedora 29 or anything with GCC 8.2, when the mentioned
> flags are used.
> Reporter: Jiri Daněk
> Priority: Major
>
> When {{-DUSE_SANITIZERS=ON}}, this (in RelWithDebug build) results in
> {{-fsanitize=undefined -O2}} options being passed to GCC (as well as others,
> but these seem relevant).
> GCC then fails the compilation
> {code}
> [ 98%] Building C object router/CMakeFiles/qdrouterd.dir/src/main.c.o
> cd /home/jdanek/Work/repos/qpid-dispatch/cmake-build-relwithdebinfo/router &&
> /nix/store/wxq0gf50466p7aiddmiiwlxm1cs6mhbn-gcc-wrapper-8.2.0/bin/cc
> -I/home/jdanek/Work/repos/qpid-dispatch/include
> -I/home/jdanek/Work/repos/qpid-dispatch/cmake-build-relwithdebinfo/include
> -I/home/jdanek/Work/repos/qpid-proton/build/install/include
> -I/nix/store/l95nkqp7bdimqnz9ixay1aahljzsz7vc-python-2.7.15/include/python2.7
> -I/home/jdanek/Work/repos/qpid-dispatch/cmake-build-relwithdebinfo/router
> -fsanitize=address -fsanitize=leak -fsanitize=undefined -O2 -g -DNDEBUG -g
> -fno-omit-frame-pointer -Werror -Wall -Wpedantic -std=gnu99 -pthread -o
> CMakeFiles/qdrouterd.dir/src/main.c.o -c
> /home/jdanek/Work/repos/qpid-dispatch/router/src/main.c
> {code}
> {code}
> /home/jdanek/Work/repos/qpid-dispatch/router/src/main.c: In function
> ‘daemon_process’:
> /home/jdanek/Work/repos/qpid-dispatch/router/src/main.c:209:58: error: ‘%s’
> directive argument is null [-Werror=format-truncation=]
> snprintf(config_path_full, cpf_len, "%s%s%s",
> ^~
> cc1: all warnings being treated as errors
> {code}
> I believe that GCC should much improve diagnostic messages, if it intends to
> search for dataflows like this, because the error does not give context.
> It is IMO legit, just a super unlikely thing to happen, though.