On Sun, 04 Feb 2018 14:49:15 -0500, Ken Hornstein said:

> >nmh builds mostly OK under it, and passes 'make check'. However,
> >there's a whole mess of new warnings, which all root-cause to the
> >fact that gcc8 apparently does sanity checking on whether the code
> >has bounds-checked the length parameter of snprintf() and friends
> >before using it, and special-case notification when it's obvious that
> >the destination won't get null-terminated.
>
> I'm ... a little confused. Is the "right" way to deal with that by
> doing:
>
>     adr[sizeof(adr) - 1] = '\0';
>     strncpy(adr, ap->text, sizeof(adr) - 1);

That's one way to do it. It's possible that a code audit will show that the calling code always does the right thing, and no action is needed. That's of course very brittle, as it doesn't catch new occurrences dropped into the code. I'd be quite surprised if we don't have at least one off-by-one error in there. I haven't gotten brave enough to wade in and try to follow the code yet.

> Or something else? A quick Google suggests most people "fix" this by
> adding -Wno-stringop-truncation to the build options.

When you look at how many security issues are caused by strings running off the end of a buffer, that's indeed a "fix" rather than an actual repair.
-- Nmh-workers https://lists.nongnu.org/mailman/listinfo/nmh-workers
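
The idiom quoted in the message above, written out as an added example (not part of the original thread and not nmh code): it contrasts a strncpy() bounded by the full buffer size, which is the case the gcc 8 warning targets, with the sizeof - 1 form plus explicit terminator. The helper names copy_bounded and raw_strncpy_terminates, the 8-byte buffer and the sample strings are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper, not nmh code: the strncpy idiom quoted in the thread,
 * with truncation reported to the caller instead of happening silently.
 * Returns 0 if src fit, 1 if it was cut short, -1 on unusable arguments. */
int copy_bounded(char *dst, size_t dstsize, const char *src)
{
    if (dst == NULL || src == NULL || dstsize == 0)
        return -1;
    strncpy(dst, src, dstsize - 1);  /* touches only dst[0 .. dstsize-2] */
    dst[dstsize - 1] = '\0';         /* so this byte is ours to terminate */
    return strlen(src) >= dstsize ? 1 : 0;
}

/* The pattern the warning is about: the bound equals the full buffer size.
 * The buffer is pre-filled so the result does not depend on stale memory.
 * Returns 1 if dst ends up NUL-terminated within n bytes, 0 if not. */
int raw_strncpy_terminates(char *dst, size_t n, const char *src)
{
    memset(dst, 'X', n);
    strncpy(dst, src, n);            /* no terminator when strlen(src) >= n */
    return memchr(dst, '\0', n) != NULL;
}

int main(void)
{
    /* Constructed sample inputs: 7, 8 and 26 characters for an 8-byte buffer. */
    const char *samples[] = { "1234567", "12345678", "a-long-address@example.org" };
    char adr[8];

    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        int raw_ok = raw_strncpy_terminates(adr, sizeof(adr), samples[i]);
        int cut = copy_bounded(adr, sizeof(adr), samples[i]);
        printf("%-28s raw terminated=%d  bounded=\"%s\" truncated=%d\n",
               samples[i], raw_ok, adr, cut);
    }
    return 0;
}
```

The order of the two statements in the idiom does not matter, because strncpy() with a bound of sizeof - 1 never writes the last byte of the buffer.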