Some patches to compile with gcc-next
Douglas Bagnall
douglas.bagnall at catalyst.net.nz
Wed Nov 2 20:52:07 UTC 2016
GCC is developing new -Wformat-length gripes when it knows snprintf
will truncate output even when the buffer isn't overflowing. This
affects Samba in a few places, which can be dealt with using four
patches -- some of which are ALMOST CERTAINLY NOT CORRECT.
Typical output looks like:
../lib/replace/test/os2_delete.c: In function ‘os2_delete’:
../lib/replace/test/os2_delete.c:74:41: error: ‘%s’ directive output may be truncated writing between 0 and 255 bytes into a region of size 30 [-Werror=format-length=]
snprintf(names[i], sizeof(names[i]), "%s", de->d_name);
^~
../lib/replace/test/os2_delete.c:74:3: note: format output between 1 and 256 bytes into a destination of size 30
snprintf(names[i], sizeof(names[i]), "%s", de->d_name);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In this case it looks like this test is using snprintf to truncate on
purpose, and that is fine. For this I modified the relevant
wscript_build to disable the error. At first I thought I needed to use
"-Wno-format-length", but it seems "-Wformat-length" also does the
trick by turning the -Werror back into a warning.
Of the 4 patches, 2 I am not sure about. It looks to me like we know
what we're doing here:
../source3/modules/vfs_shadow_copy.c: In function ‘shadow_copy_get_shadow_copy_data’:
../source3/modules/vfs_shadow_copy.c:283:73: error: ‘%s’ directive output may be truncated writing between 0 and 255 bytes into a region of size 25 [-Werror=format-length=]
snprintf(tlabels[shadow_copy_data->num_volumes++], sizeof(*tlabels), "%s",d->d_name);
^~
../source3/modules/vfs_shadow_copy.c:283:3: note: format output between 1 and 256 bytes into a destination of size 25
snprintf(tlabels[shadow_copy_data->num_volumes++], sizeof(*tlabels), "%s",d->d_name);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
and here:
../source3/lib/messages_dgm.c: In function ‘messaging_dgm_out_create’:
../source3/lib/messages_dgm.c:228:12: warning: ‘%s’ directive output may be truncated writing between 0 and 109 bytes into a region of size 108 [-Wformat-length=]
"%s/%u", ctx->socket_dir.buf, (unsigned)pid);
^~
../source3/lib/messages_dgm.c:227:14: note: format output between 3 and 121 bytes into a destination of size 108
out_pathlen = snprintf(addr.sun_path, sizeof(addr.sun_path),
~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"%s/%u", ctx->socket_dir.buf, (unsigned)pid);
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
but I may be wrong (for the second one, the truncation will not
actually happen as pid is presumably uint16_t with a maximum of 5
characters, while the warning sees %u and assumes up to 10 chars).
Turning the error off for lib/replace tests is necessary, because we
have 'test_snprintf' that specifically tries these things.
The real bug is in smbclient, which I think I have fixed. There it was
trying to overwrite a string like "stdin-<pid>" onto the considerably
shorter string "-", but the snprintf limit was actually set to
sizeof(char *) - 1.
../source4/client/client.c: In function ‘cmd_print’:
../source4/client/client.c:1545:45: error: output truncated before the last format character [-Werror=format-length=]
slprintf(rname, sizeof(rname)-1, "stdin-%d", (int)getpid());
~~~~~~~~^
In file included from ../source4/include/includes.h:23:0,
from ../source4/client/client.c:32:
../lib/replace/../replace/replace.h:510:18: note: format output between 8 and 18 bytes into a destination of size 7
#define slprintf snprintf
../source4/client/client.c:1545:3: note: in expansion of macro ‘slprintf’
slprintf(rname, sizeof(rname)-1, "stdin-%d", (int)getpid());
^~~~~~~~
cheers,
Douglas
-------------- next part --------------
A non-text attachment was scrubbed...
Name: gcc-7-format-width.patch
Type: text/x-diff
Size: 4854 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20161103/0b062932/gcc-7-format-width.diff>
More information about the samba-technical
mailing list