On Sun, 04 Feb 2018 14:49:15 -0500, Ken Hornstein said:
> >nmh builds mostly OK under it, and passes 'make check'.  However,
> >there's a whole mess of new warnings, which all root-cause to the
> >fact that gcc8 apparently does sanity checking on whether the code
> >has bounds-checked the length parameter of snprintf() and friends
> >before using it, and special-case notification when it's obvious that
> >the destination won't get null-terminated.
> I'm ... a little confused.  Is the "right" way to deal with that by
> doing:
>       adr[sizeof(adr) - 1] = '\0';
>       strncpy(adr, ap->text, sizeof(adr) - 1);

That's one way to do it.  It's possible that a code audit will show that the
calling code always does the right thing, and no action is needed.  That's
of course very brittle, as it doesn't catch new occurrences dropped into
the code.

I'd be quite surprised if we don't have at least one off-by-one error
in there.  I haven't gotten brave enough to wade in and try to follow
the code yet.

> Or something else?  A quick Google suggests most people "fix" this by
> adding -Wno-stringop-truncation to the build options.

When you look at how many security issues are caused by strings running off
the end of a buffer, that's indeed a "fix" rather than an actual repair.
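The two-line pattern quoted above, written out as an added C example (not code from nmh or from either poster): `copy_bounded` terminates first and copies at most `dstsz - 1` bytes, while `naive_copy_unterminated` shows the `strncpy(dst, src, sizeof(dst))` shape that gcc 8 flags. The buffer name `adr` and the sample addresses are constructed for the example.

```c
#include <stdio.h>
#include <string.h>

/* The pattern from the quoted message, with the guarantee made explicit:
 * the destination is always NUL-terminated. Returns 1 if the source had to
 * be truncated to fit, 0 otherwise. */
static int copy_bounded(char *dst, size_t dstsz, const char *src)
{
    if (dstsz == 0)
        return 1;
    /* Terminator first, then copy at most dstsz-1 bytes: whatever strncpy
     * does with a long source, the last byte stays '\0'. */
    dst[dstsz - 1] = '\0';
    strncpy(dst, src, dstsz - 1);
    return strlen(src) >= dstsz;
}

/* The shape gcc 8 warns about: strncpy with the whole buffer size. When the
 * source is dstsz bytes or longer, no terminator is written at all.
 * Returns 1 if the result is NOT terminated within dstsz bytes. */
static int naive_copy_unterminated(char *dst, size_t dstsz, const char *src)
{
    strncpy(dst, src, dstsz);
    return memchr(dst, '\0', dstsz) == NULL;
}

int main(void)
{
    char adr[16];
    /* Constructed inputs: 14 bytes fits in adr, 34 bytes does not. */
    const char *short_src = "me@example.com";
    const char *long_src = "someone@very-long-host.example.com";

    printf("short: truncated=%d value=\"%s\"\n",
           copy_bounded(adr, sizeof(adr), short_src), adr);
    printf("long:  truncated=%d value=\"%s\"\n",
           copy_bounded(adr, sizeof(adr), long_src), adr);
    printf("naive long copy left unterminated=%d\n",
           naive_copy_unterminated(adr, sizeof(adr), long_src));
    return 0;
}
```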
