potential buffer overflow in version 1.27
From: Michal Ambroz
Subject: potential buffer overflow in version 1.27
Date: Mon, 23 Jan 2023 18:58:21 +0100 (CET)
Hello,
during compilation of ddrescue 1.27, the compiler points out a couple of places which potentially might result in some buffer overflow. Could you please check these?
-----
g++ -O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -DPROGVERSION=\"1.27\" -c -o main.o main.cc
In file included from main.cc:162:
main_common.cc: In function 'format_num(long long, long long, int)':
main_common.cc:278:28: warning: '%lld' directive output may be truncated writing between 1 and 20 bytes into a region of size 16 [-Wformat-truncation=]
  278 |   snprintf( buf, bufsize, "%lld %s", num, p );
      |                            ^~~~
main_common.cc:278:27: note: directive argument in the range [-9223372036854775807, 9223372036854775807]
  278 |   snprintf( buf, bufsize, "%lld %s", num, p );
      |                           ^~~~~~~~~
In file included from /usr/include/stdio.h:906,
                 from /usr/include/c++/12/cstdio:42,
                 from main.cc:30:
In function 'snprintf',
    inlined from 'format_num(long long, long long, int)' at main_common.cc:278:11:
/usr/include/bits/stdio2.h:54:35: note: '__snprintf_chk' output between 3 and 22 bytes into a destination of size 16
   54 |   return __builtin___snprintf_chk (__s, __n, __USE_FORTIFY_LEVEL - 1,
      |          ~~~~~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   55 |                                    __glibc_objsize (__s), __fmt,
      |                                    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   56 |                                    __va_arg_pack ());
      |                                    ~~~~~~~~~~~~~~~~~~
----------
g++ -O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -o ddrescue arg_parser.o rational.o non_posix.o loggers.o block.o mapfile.o mapbook.o fillbook.o genbook.o io.o rescuebook.o command_mode.o main.o
In file included from ddrescuelog.cc:107:
main_common.cc: In function 'format_num(long long, long long, int)':
main_common.cc:278:28: warning: '%lld' directive output may be truncated writing between 1 and 20 bytes into a region of size 16 [-Wformat-truncation=]
  278 |   snprintf( buf, bufsize, "%lld %s", num, p );
      |                            ^~~~
main_common.cc:278:27: note: directive argument in the range [-9223372036854775807, 9223372036854775807]
  278 |   snprintf( buf, bufsize, "%lld %s", num, p );
      |                           ^~~~~~~~~
In file included from /usr/include/stdio.h:906,
                 from /usr/include/c++/12/cstdio:42,
                 from ddrescuelog.cc:27:
In function 'snprintf',
    inlined from 'format_num(long long, long long, int)' at main_common.cc:278:11:
/usr/include/bits/stdio2.h:54:35: note: '__snprintf_chk' output between 3 and 22 bytes into a destination of size 16
   54 |   return __builtin___snprintf_chk (__s, __n, __USE_FORTIFY_LEVEL - 1,
      |          ~~~~~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   55 |                                    __glibc_objsize (__s), __fmt,
      |                                    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   56 |                                    __va_arg_pack ());
      |                                    ~~~~~~~~~~~~~~~~~~
Best regards
Michal Ambroz
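The diagnostic quoted in the report is -Wformat-truncation: it says snprintf may cut the output short when a 20-digit number is written into a 16-byte region, not that anything is written past the buffer, and the check a reviewer would want is the snprintf return value. The added example below, which is not ddrescue's code, reproduces only the call shape from the warning (a 16-byte destination and the format "%lld %s") to show the truncated result, the untouched guard bytes after the buffer, and a checked variant; BUFSIZE and the function names are this example's own choices.

```c
#include <limits.h>
#include <stdio.h>
#include <string.h>

/* Added example, not ddrescue code. It keeps only the call shape from the
   warning: a 16-byte destination and the format "%lld %s". BUFSIZE and the
   function names below are chosen for this example. */
enum { BUFSIZE = 16 };
static char out[BUFSIZE];

/* Same call shape as main_common.cc:278. snprintf writes at most BUFSIZE
   bytes (NUL included); its return value is the length the complete output
   would have had, so a result >= BUFSIZE means 'out' was silently cut short. */
int fmt_num_raw(long long num, const char *p)
{
    return snprintf(out, BUFSIZE, "%lld %s", num, p);
}

/* Hardened variant: turns truncation into an explicit failure instead of
   handing back a shortened number. Returns 1 if the full text fit, else 0. */
int fmt_num_checked(long long num, const char *p)
{
    int n = snprintf(out, BUFSIZE, "%lld %s", num, p);
    return (n >= 0 && n < BUFSIZE) ? 1 : 0;
}

/* Text left in the shared buffer by the last call. */
const char *fmt_num_text(void) { return out; }

/* Canary check: 16 usable bytes followed by 8 guard bytes. Returns 1 only if
   snprintf wrote past the size it was given, which a conforming libc never does. */
int guard_bytes_touched(long long num, const char *p)
{
    char area[BUFSIZE + 8];
    memset(area, 'Z', sizeof area);
    snprintf(area, BUFSIZE, "%lld %s", num, p);
    for (size_t i = BUFSIZE; i < sizeof area; i++)
        if (area[i] != 'Z')
            return 1;
    return 0;
}

int main(void)
{
    /* LLONG_MAX is the top of the range the compiler note quotes. */
    int n = fmt_num_raw(LLONG_MAX, "MiB");
    printf("needed %d bytes, buffer holds \"%s\"%s\n", n, fmt_num_text(),
           n >= BUFSIZE ? " (truncated)" : "");
    printf("guard bytes touched: %d\n", guard_bytes_touched(LLONG_MAX, "MiB"));
    return 0;
}
```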