
GCC 8 warns on buffer truncation

Description of problem:

Found a bug in the parser for GNU libtasn1-4.9: when making the tokens, and thereby adding a "-" to the string, they go over the length of their buffer. So the problem is using a sizeof on the buffer size and making the buffer too short. It looks like two problems; this way the problem creeps as you grow the buffer to add room for the "-".

Version of libtasn1 used:

GNU 1-4.9

Distributor of libtasn1 (e.g., Ubuntu, Fedora, RHEL)

GNU source tarball.

How reproducible:

Compile with GCC 8 using -Werror=format-truncation

Steps to Reproduce:

  1. Unpack tarball and run configure; please see attached config.status.
  2. Make using those flags.
  3. See GCC flag the error as follows:

Actual results:

GNU C17 (GCC) version 8.2.0 (x86_64-pc-linux-gnu)
	compiled by GNU C version 8.2.0, GMP version 6.1.2, MPFR version 4.0.1, MPC version 1.1.0, isl version none
GGC heuristics: --param ggc-min-expand=100 --param ggc-min-heapsize=131072
Compiler executable checksum: 81f798d4ff0871f00b0a4f3f1296b20a
ASN1.c: In function '_asn1_yyparse':
ASN1.y:164:47: error: 'snprintf' output may be truncated before the last format character [-Werror=format-truncation=]
                 | '-' NUM        {snprintf($$,sizeof($$),"-%s",$2);}
                                               ^~~~~
ASN1.y:164:6: note: 'snprintf' output between 2 and 66 bytes into a destination of size 65
                 | '-' NUM        {snprintf($$,sizeof($$),"-%s",$2);}
      ^          ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
ASN1.y:152:47: error: 'snprintf' output may be truncated before the last format character [-Werror=format-truncation=]
 neg_num : '-' NUM     {snprintf($$,sizeof($$),"-%s",$2);}
                                               ^~~~~
ASN1.y:152:6: note: 'snprintf' output between 2 and 66 bytes into a destination of size 65
 neg_num : '-' NUM     {snprintf($$,sizeof($$),"-%s",$2);}
      ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~          
cc1: all warnings being treated as errors
Makefile:1112: recipe for target 'ASN1.lo' failed

Please see:

config.status

gcc_v.txt

Expected results:

No warning or errors.

Edited by Nikos Mavrogiannopoulos
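
The case GCC is flagging, as an added example (not libtasn1 code and not part of the report): a 64-character NUM plus the leading "-" needs 66 bytes including the terminator, one more than the 65-byte destination, so the last digit is silently dropped unless the snprintf return value is checked. The helper names are hypothetical; the 65-byte size is taken from the compiler note above.

```c
#include <stdio.h>
#include <string.h>

/* Size from the GCC note: a 65-byte destination, i.e. 64 characters + NUL. */
#define TOKEN_SIZE 65

/* Hypothetical helper (not libtasn1 code): writes "-" followed by num into
   dst. Returns 0 on success, -1 if the result did not fit in dstsz bytes. */
static int format_neg_num(char *dst, size_t dstsz, const char *num)
{
    int n = snprintf(dst, dstsz, "-%s", num);

    /* snprintf returns the length it wanted to write, excluding the NUL,
       so n >= dstsz means the output was cut short. */
    if (n < 0 || (size_t)n >= dstsz)
        return -1;
    return 0;
}

/* Constructed input: builds a NUM token of `digits` '9' characters and
   formats its negation into a TOKEN_SIZE buffer. Returns the helper's
   status (or -2 if the token itself would not fit) and stores the length
   of the string actually produced in *out_len. */
static int negate_digits(size_t digits, size_t *out_len)
{
    char num[TOKEN_SIZE];
    char out[TOKEN_SIZE];
    int rc;

    if (digits >= sizeof(num))
        return -2;
    memset(num, '9', digits);
    num[digits] = '\0';

    rc = format_neg_num(out, sizeof(out), num);
    *out_len = strlen(out);
    return rc;
}

int main(void)
{
    size_t len = 0;
    int rc = negate_digits(63, &len);   /* "-" + 63 digits fits exactly */
    printf("63 digits: rc=%d len=%zu\n", rc, len);

    rc = negate_digits(64, &len);       /* "-" + 64 digits needs 66 bytes */
    printf("64 digits: rc=%d len=%zu\n", rc, len);
    return 0;
}
```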