[vlc-devel] [PATCH] Widen STRNCATF temporary buffer

Marc Gonzalez marc.w.gonzalez at free.fr
Thu Dec 19 11:56:03 CET 2019


On 19/12/2019 11:53, Marc Gonzalez wrote:

> The temporary buffer used in STRNCATF is too small for a few callers,
> which could lead to truncated output in some situations.

Here are the warnings generated by gcc:
(Too verbose to add to commit message)

src/third_party/libdisasm/x86_format.c: In function 'format_operand_xml.isra.3':
src/third_party/libdisasm/x86_format.c:837:5: warning: '%04X' directive output truncated writing 4 bytes into a region of size 1 [-Wformat-truncation=]
     "\t\t<absolute_address segment=\"0x%04" PRIX16 "\"",
     ^
src/third_party/libdisasm/x86_format.c:34:38: note: in definition of macro 'STRNCATF'
         snprintf( _tmp, sizeof _tmp, fmt, data );   \
                                      ^~~
src/third_party/libdisasm/x86_format.c:837:40: note: format string is defined here
     "\t\t<absolute_address segment=\"0x%04" PRIX16 "\"",
src/third_party/libdisasm/x86_format.c:837:5: note: directive argument in the range [0, 65535]
     "\t\t<absolute_address segment=\"0x%04" PRIX16 "\"",
     ^
src/third_party/libdisasm/x86_format.c:34:38: note: in definition of macro 'STRNCATF'
         snprintf( _tmp, sizeof _tmp, fmt, data );   \
                                      ^~~
In file included from /usr/include/stdio.h:862:0,
                 from src/third_party/libdisasm/x86_format.c:1:
/usr/include/x86_64-linux-gnu/bits/stdio2.h:64:10: note: '__builtin___snprintf_chk' output 37 bytes into a destination of size 32
   return __builtin___snprintf_chk (__s, __n, __USE_FORTIFY_LEVEL - 1,
          ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        __bos (__s), __fmt, __va_arg_pack ());
        ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
src/third_party/libdisasm/x86_format.c: In function 'x86_format_insn':
src/third_party/libdisasm/x86_format.c:1141:24: warning: '|' directive output may be truncated writing 1 byte into a region of size between 0 and 31 [-Wformat-truncation=]
         STRNCATF( buf, "|%s|", insn->prefix_string             , len );
                        ^
src/third_party/libdisasm/x86_format.c:34:38: note: in definition of macro 'STRNCATF'
         snprintf( _tmp, sizeof _tmp, fmt, data );   \
                                      ^~~
In file included from /usr/include/stdio.h:862:0,
                 from src/third_party/libdisasm/x86_format.c:1:
/usr/include/x86_64-linux-gnu/bits/stdio2.h:64:10: note: '__builtin___snprintf_chk' output between 3 and 34 bytes into a destination of size 32
   return __builtin___snprintf_chk (__s, __n, __USE_FORTIFY_LEVEL - 1,
          ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        __bos (__s), __fmt, __va_arg_pack ());
        ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
src/third_party/libdisasm/x86_format.c:1181:24: warning: '%s' directive output may be truncated writing up to 31 bytes into a region of size 22 [-Wformat-truncation=]
         STRNCATF( buf, "\" string=\"%s\"/>\n", insn->prefix_string, len );
                        ^
src/third_party/libdisasm/x86_format.c:34:38: note: in definition of macro 'STRNCATF'
         snprintf( _tmp, sizeof _tmp, fmt, data );   \
                                      ^~~
In file included from /usr/include/stdio.h:862:0,
                 from src/third_party/libdisasm/x86_format.c:1:
/usr/include/x86_64-linux-gnu/bits/stdio2.h:64:10: note: '__builtin___snprintf_chk' output between 15 and 46 bytes into a destination of size 32
   return __builtin___snprintf_chk (__s, __n, __USE_FORTIFY_LEVEL - 1,
          ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        __bos (__s), __fmt, __va_arg_pack ());
        ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


More information about the vlc-devel mailing list