[Touch-packages] [Bug 1739889] Re: Compiler warning about possiable overflow in devname.c
Hello Michael, thank you for your contribution to Ubuntu! A bug report in Ubuntu is not exactly the correct way to report this, could you please try to submit it upstream? The Ubuntu Sponsors team also only sponsors debdiffs, which has packaging changes as well as the patch. I am unsubscribing that team for now; please resubscribe them if this was incorrect. Thanks again, and apologies for the delay in responding to this bug report. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to util-linux in Ubuntu. https://bugs.launchpad.net/bugs/1739889 Title: Compiler warning about possiable overflow in devname.c Status in util-linux package in Ubuntu: New Bug description: I just compiled mount and got the following warning: libblkid/src/devname.c:166:29: warning: ‘%s’ directive writing up to 255 bytes into a region of size 245 [-Wformat-overflow=] sprintf(path, "/sys/block/%s/slaves", de->d_name); ^~ In file included from /usr/include/stdio.h:862:0, from libblkid/src/devname.c:16: /usr/include/x86_64-linux-gnu/bits/stdio2.h:33:10: note: ‘__builtin___sprintf_chk’ output between 19 and 274 bytes into a destination of size 256 return __builtin___sprintf_chk (__s, __USE_FORTIFY_LEVEL - 1, ^~ __bos (__s), __fmt, __va_arg_pack ()); ~ Code preceding this does a length check to prevent overflow. However, the warning was still alarming. The attached patch switches sprintf to snprintf and ups the buffer size to 300. This will silence the compiler and support longer device names. There didn't appear to be any technical reason for the 256 byte limit. If there is we just get a different less alarming truncation warning. This also means we don't need the hard coded length check. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/util-linux/+bug/1739889/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1739889] Re: Compiler warning about possiable overflow in devname.c
** Changed in: util-linux (Ubuntu) Importance: Undecided => Low -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to util-linux in Ubuntu. https://bugs.launchpad.net/bugs/1739889 Title: Compiler warning about possiable overflow in devname.c Status in util-linux package in Ubuntu: New Bug description: I just compiled mount and got the following warning: libblkid/src/devname.c:166:29: warning: ‘%s’ directive writing up to 255 bytes into a region of size 245 [-Wformat-overflow=] sprintf(path, "/sys/block/%s/slaves", de->d_name); ^~ In file included from /usr/include/stdio.h:862:0, from libblkid/src/devname.c:16: /usr/include/x86_64-linux-gnu/bits/stdio2.h:33:10: note: ‘__builtin___sprintf_chk’ output between 19 and 274 bytes into a destination of size 256 return __builtin___sprintf_chk (__s, __USE_FORTIFY_LEVEL - 1, ^~ __bos (__s), __fmt, __va_arg_pack ()); ~ Code preceding this does a length check to prevent overflow. However, the warning was still alarming. The attached patch switches sprintf to snprintf and ups the buffer size to 300. This will silence the compiler and support longer device names. There didn't appear to be any technical reason for the 256 byte limit. If there is we just get a different less alarming truncation warning. This also means we don't need the hard coded length check. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/util-linux/+bug/1739889/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1739889] Re: Compiler warning about possiable overflow in devname.c
** Tags added: patch -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to util-linux in Ubuntu. https://bugs.launchpad.net/bugs/1739889 Title: Compiler warning about possiable overflow in devname.c Status in util-linux package in Ubuntu: New Bug description: I just compiled mount and got the following warning: libblkid/src/devname.c:166:29: warning: ‘%s’ directive writing up to 255 bytes into a region of size 245 [-Wformat-overflow=] sprintf(path, "/sys/block/%s/slaves", de->d_name); ^~ In file included from /usr/include/stdio.h:862:0, from libblkid/src/devname.c:16: /usr/include/x86_64-linux-gnu/bits/stdio2.h:33:10: note: ‘__builtin___sprintf_chk’ output between 19 and 274 bytes into a destination of size 256 return __builtin___sprintf_chk (__s, __USE_FORTIFY_LEVEL - 1, ^~ __bos (__s), __fmt, __va_arg_pack ()); ~ Code preceding this does a length check to prevent overflow. However, the warning was still alarming. The attached patch switches sprintf to snprintf and ups the buffer size to 300. This will silence the compiler and support longer device names. There didn't appear to be any technical reason for the 256 byte limit. If there is we just get a different less alarming truncation warning. This also means we don't need the hard coded length check. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/util-linux/+bug/1739889/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
