Package: wiggle / 1.1-1

gcc8-format-security.patch
From: Carlos Maddela <e7appew@gmail.com>
Date: Fri, 25 Jan 2019 05:04:46 +1100
Subject: Fix format overflow and truncation warnings with GCC-8.

Description: Fix format overflow and truncation warnings with GCC-8.
Author: Carlos Maddela <e7appew@gmail.com>
Forwarded: https://github.com/neilbrown/wiggle/pull/11
Last-Update: 2019-01-25
---
This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
---
 extract.c | 26 ++++++++++++++++++--------
 vpatch.c  |  6 +++---
 2 files changed, 21 insertions(+), 11 deletions(-)

diff --git a/extract.c b/extract.c
index a8068d2..c3c47e6 100644
--- a/extract.c
+++ b/extract.c
@@ -118,12 +118,17 @@ int split_patch(struct stream f, struct stream *f1, struct stream *f2)
 			skip_eol(&cp, end);
 			if (state == 1 || state == 3) {
 				char *f;
-				char buf[20];
+				int slen;
+				/* Reserve enough space for 3 integers separated
+				 * by a single space, and prefixed and terminated
+				 * with a null character.
+				 */
+				char buf[(3*12)+1];
 				buf[0] = 0;
 				chunks++;
-				sprintf(buf+1, "%5d %5d %5d", chunks, a, acnt);
-				memcpy(r1.body+r1.len, buf, 18);
-				r1.len += 18;
+				slen = sprintf(buf+1, "%5d %5d %5d", chunks, a, acnt)+1;
+				memcpy(r1.body+r1.len, buf, slen);
+				r1.len += slen;
 				f = func;
 				while (*f == ' ')
 					f++;
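Review bot: The length passed to `memcpy(r1.body+r1.len, buf, slen)` is now data-dependent, where the old code always appended exactly 18 bytes, and the hunk does not show how `r1.body` was sized, so it is worth confirming that the destination has room for a header of up to 36 bytes per chunk. The `sprintf` is still unbounded and its return value is used unchecked; `slen = snprintf(buf+1, sizeof(buf)-1, "%5d %5d %5d", chunks, a, acnt);` with a check such as `if (slen < 0 || slen >= (int)sizeof(buf)-1)` before adding the prefix byte would keep the write inside `buf` even where `int` is wider than the 32 bits the `3*12` sizing assumes. The same applies to the `r2` header in the next hunk. split_patch's body starts and ends outside the hunk.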
@@ -136,11 +141,16 @@ int split_patch(struct stream f, struct stream *f1, struct stream *f2)
 				r1.body[r1.len++] = '\0';
 			}
 			if (state == 2 || state == 3) {
-				char buf[20];
+				int slen;
+				/* Reserve enough space for 3 integers separated
+				 * by a single space, prefixed with a null character
+				 * and terminated with a new line and null character.
+				 */
+				char buf[(3*12)+2];
 				buf[0] = 0;
-				sprintf(buf+1, "%5d %5d %5d\n", chunks, c, bcnt);
-				memcpy(r2.body+r2.len, buf, 20);
-				r2.len += 20;
+				slen = sprintf(buf+1, "%5d %5d %5d\n", chunks, c, bcnt)+2;
+				memcpy(r2.body+r2.len, buf, slen);
+				r2.len += slen;
 			}
 			if (state)
 				func[0] = 0;
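Review bot: `slen` here is `sprintf(...)+2` while the `r1` branch uses `+1`, so this record carries its terminating NUL into `r2.body` and the `r1` record does not. That matches the old 20-byte and 18-byte copies, but the new code does not say the difference is deliberate; a comment on the line such as `/* +2: the leading NUL and the terminating NUL are both copied */` would keep a later edit from making the two branches uniform. Any reader of these records that assumes a fixed-width header would also need checking now that the length varies, though none is visible in this hunk.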
diff --git a/vpatch.c b/vpatch.c
index 2c574c8..88633ff 100644
--- a/vpatch.c
+++ b/vpatch.c
@@ -1680,8 +1680,8 @@ static int merge_window(struct plist *p, FILE *f, int reverse, int replace,
 			attrset(A_NORMAL);
 		}
 		if (num >= 0) {
-			char buf[10];
-			snprintf(buf, 10, "%d ", num);
+			char buf[12+1];
+			snprintf(buf, sizeof(buf), "%d ", num);
 			addstr(buf);
 		}
 		if (meta & META(0))
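Review bot: The `12+1` in `char buf[12+1]` is unexplained, unlike the sizing comments added in extract.c. With `num >= 0` checked on the line above, the worst case for a 32-bit `int` is 10 digits, the space and the NUL, so the size is sufficient, and `snprintf(buf, sizeof(buf), ...)` would truncate rather than overflow if that assumption ever failed. A comment like `/* 10 digits + ' ' + NUL; num is non-negative here */` would record the reasoning. merge_window's body starts and ends outside the hunk.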
@@ -2487,7 +2487,7 @@ static int get_next(int pos, struct plist *pl, int n, int mode,
 static void draw_one(int row, struct plist *pl, FILE *f, int reverse,
 		     int ignore_blanks, int just_diff)
 {
-	char hdr[12];
+	char hdr[2*12];
 	hdr[0] = 0;
 
 	if (pl == NULL) {
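Review bot: `hdr` grows from 12 to `2*12` bytes with no comment, and the code that formats into it lies outside this hunk, so the new size cannot be checked against the format string from here. A comment naming the fields the buffer is sized for would help. If the write is an unbounded `sprintf`, bounding it with `sizeof(hdr)`, as the merge_window hunk does for `buf`, would turn the size into an enforced limit rather than an assumption. draw_one's body continues past the end of the hunk.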