[OpenWrt-Devel] [PATCH] use strncpy instead of strcpy
Rosen Penev
rosenp at gmail.com
Thu Dec 26 17:49:54 EST 2019
On Thu, Dec 26, 2019 at 2:32 PM Khem Raj <raj.khem at gmail.com> wrote:
>
> On Thu, Dec 26, 2019 at 4:50 AM Hauke Mehrtens <hauke at hauke-m.de> wrote:
> >
> > On 12/24/19 10:50 PM, Petr Štetiar wrote:
> > > Khem Raj <raj.khem at gmail.com> [2019-12-24 10:02:13]:
> > >
> > > Hi,
> > >
> > > use "PATCH libubox" subject prefix, because there is no blobmsg.c file in the
> > > main tree.
> > >
> > >> Fixes error: '__builtin_strcpy' offset 6 from the object at 'attr' is out of
> > >> the bounds of referenced subobject 'name' with type 'uint8_t[0]' {aka
> > >> 'unsigned char[0]'} at offset 6 [-Werror=array-bounds]
> > >
> > > out of curiosity, which target/compiler is that? I'm not able to reproduce
> > > it on any of the pre-selected CI targets[1].
> >
> > Hi Petr,
> >
> > The fortify headers are preventing some of these warnings, I see them
> > when compiling without fortify header or when using glibc.
> >
> > I started to look into this problem, but it looks more complicated to
> > change the fortify headers in a way, that the compile time buffer
> > overflow detection still works like expected for all functions which are
> > supported by gcc.
I personally remove this line in my tree:
https://github.com/openwrt/openwrt/blob/master/rules.mk#L200
It's funny that fortify-headers expose a different bug as well.
limits.h ends up being implicitly included. When removing
fortify-headers, several packages end up needing limits.h (I've fixed
some of them).
> >
>
> I do use these flags
> -fstack-protector-strong -D_FORTIFY_SOURCE=2 -Wformat
> -Wformat-security -Werror=format-security
-Wformat=2 exposes more warnings
Note that fixing them helps with reducing compiled size.
>
> and perhaps that combined with gcc10 exposes this issue.
>
> > Please also use a toolchian with glibc when compiling in CI.
> >
> > Hauke
> >
>
> _______________________________________________
> openwrt-devel mailing list
> openwrt-devel at lists.openwrt.org
> https://lists.openwrt.org/mailman/listinfo/openwrt-devel
_______________________________________________
openwrt-devel mailing list
openwrt-devel at lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel
More information about the openwrt-devel
mailing list