|
From: | Antonio Diaz Diaz |
Subject: | Re: potential buffer overflow in version 1.27 |
Date: | Mon, 23 Jan 2023 20:26:03 +0100 |
User-agent: | Mozilla/5.0 (X11; U; Linux i586; en-US; rv:1.9.1.19) Gecko/20110420 SeaMonkey/2.0.14 |
Hello Michal, Thank you for reporting this. Michal Ambroz wrote:
during compilation of ddrescue 1.27 suggests couple of places which potentially might result in some buffer overflow.
Not a "couple of places". Just one at main_common.cc:278, included from main.cc:162 and from ddrescuelog.cc:107.
main_common.cc:278:28: warning: '%lld' directive output may be truncated writing between 1 and 20 bytes into a region of size 16 [-Wformat-truncation] 278 | snprintf( buf, bufsize, "%lld %s", num, p ); | ^~~~ main_common.cc:278:27: note: directive argument in the range [-9223372036854775807, 9223372036854775807]
This is neither a buffer overflow nor a format truncation. It is a false warning because the absolute value of 'num' can't be larger than six digits with a 64-bit 'long long'.
It seems that GCC should either become more clever and check the actual (not the potential) range, or better yet, revert to the old behavior of assuming that if the programmer uses snprintf with a buffer of a given size it is because he wants that size.
Or are we supposed to waste memory allocating a buffer larger than needed/wanted just to shut up the compiler?
BTW, just one month ago, this same warning in another function was reported[1]. I "fixed" that by increasing the size of the buffer, but now I'm questioning myself if it is wise to increase the size of all buffers just to shut up current compilers.
[1] http://lists.gnu.org/archive/html/bug-ddrescue/2022-12/msg00002.html Best regards, Antonio.
[Prev in Thread] | Current Thread | [Next in Thread] |