pkcs15-openpgp.c: error: ‘%d’ directive output may be truncated writing between 1 and 10 bytes into a region of size 2 #1800

Closed
noloader opened this issue Sep 18, 2019 · 4 comments · Fixed by #3069

Comments

@noloader

noloader commented Sep 18, 2019

Problem Description

I'm performing a Sanitizer build. I configured with -fsanitize=undefined. Ultimately I want to run make check with instrumented binaries.

I believe the sanitizers enable extra analysis, and I think that explains the finding below.

libtool: compile:  gcc -DHAVE_CONFIG_H -I. -I../.. -DOPENSC_CONF_PATH=\"/home/jwalton/tmp-sanitize/etc/opensc.conf\" -DDEFAULT_SM_MODULE_PATH=\"/home/jwalton/tmp-sanitize/lib\" -DDEFAULT_SM_MODULE=\"libsmm-local.so\" -I../../src -I/home/jwalton/tmp-sanitize/include -DNDEBUG -I/home/jwalton/tmp-sanitize/include -I/home/jwalton/tmp-sanitize/include/PCSC -g2 -O2 -fsanitize=undefined -fno-sanitize-recover -march=native -fPIC -pthread -Wall -Wextra -Wno-unused-parameter -Werror -MT libopensc_la-pkcs15-infocamere.lo -MD -MP -MF .deps/libopensc_la-pkcs15-infocamere.Tpo -c pkcs15-infocamere.c  -fPIC -DPIC -o .libs/libopensc_la-pkcs15-infocamere.o
pkcs15-openpgp.c: In function ‘sc_pkcs15emu_openpgp_init’:
pkcs15-openpgp.c:414:28: error: ‘%d’ directive output may be truncated writing between 1 and 10 bytes into a region of size 2 [-Werror=format-truncation=]
   snprintf(name, 8, "PrivDO%d", i);
                            ^~
pkcs15-openpgp.c:414:21: note: directive argument in the range [1, 2147483646]
   snprintf(name, 8, "PrivDO%d", i);
                     ^~~~~~~~~~
In file included from /usr/include/stdio.h:862:0,
                 from pkcs15-openpgp.c:28:
/usr/include/x86_64-linux-gnu/bits/stdio2.h:64:10: note: ‘__builtin___snprintf_chk’ output between 8 and 17 bytes into a destination of size 8
   return __builtin___snprintf_chk (__s, __n, __USE_FORTIFY_LEVEL - 1,
          ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        __bos (__s), __fmt, __va_arg_pack ());
        ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
pkcs15-openpgp.c:415:29: error: ‘%d’ directive output may be truncated writing between 1 and 10 bytes into a region of size 2 [-Werror=format-truncation=]
   snprintf(path, 9, "3F00010%d", i);
                             ^~
pkcs15-openpgp.c:415:21: note: directive argument in the range [1, 2147483646]
   snprintf(path, 9, "3F00010%d", i);
                     ^~~~~~~~~~~
In file included from /usr/include/stdio.h:862:0,
                 from pkcs15-openpgp.c:28:
/usr/include/x86_64-linux-gnu/bits/stdio2.h:64:10: note: ‘__builtin___snprintf_chk’ output between 9 and 18 bytes into a destination of size 9
   return __builtin___snprintf_chk (__s, __n, __USE_FORTIFY_LEVEL - 1,
          ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        __bos (__s), __fmt, __va_arg_pack ());
        ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
cc1: all warnings being treated as errors
Makefile:1855: recipe for target 'libopensc_la-pkcs15-openpgp.lo' failed

Proposed Resolution

Sorry, no suggestions for this one. I'm not familiar with OpenPGP and what it expects during initialization.

Steps to reproduce

export MY_PREFIX="/home/jwalton/tmp-sanitize"
export PKG_CONFIG_PATH="$MY_PREFIX/lib/pkgconfig"
export CPPFLAGS="-I$MY_PREFIX/include -DNDEBUG"
export CFLAGS="-g2 -O2 -fsanitize=undefined -fno-sanitize-recover -march=native -fPIC -pthread"
export CXXFLAGS="-g2 -O2 -fsanitize=undefined -fno-sanitize-recover -march=native -fPIC -pthread"
export LDFLAGS="-L$MY_PREFIX/lib -fsanitize=undefined -fno-sanitize-recover -Wl,-R,'$$ORIGIN/../lib' -Wl,-R,$MY_PREFIX/lib -Wl,--enable-new-dtags"
export LIBS="-ldl -lpthread"

./configure \
    --prefix="$MY_PREFIX" \
    --libdir="$MY_PREFIX/lib" \
    --enable-static \
    --enable-shared \
    --with-pic \
    --disable-assert \
    --enable-zlib \
    --enable-openssl

My apologies if this is a false positive. If it is a false positive, then please suggest a workaround.


These may be helpful:

$ lsb_release -a
No LSB modules are available.
Distributor ID:	Ubuntu
Description:	Ubuntu 18.04.3 LTS
Release:	18.04
Codename:	bionic

$ gcc --version
gcc (Ubuntu 7.4.0-1ubuntu1~18.04.1) 7.4.0

@noloader (Author)

I'm not sure if this is correct, but it cleared the issue. The patch is against 0.19.0.

--- src/libopensc/pkcs15-openpgp.c
+++ src/libopensc/pkcs15-openpgp.c
@@ -405,14 +405,14 @@
 	for (i = 1; i <= PGP_NUM_PRIVDO; i++) {
 		sc_pkcs15_data_info_t dat_info;
 		sc_pkcs15_object_t dat_obj;
-		char name[8];
-		char path[9];
+		char name[8+10+1];
+		char path[9+10+1];
 		u8 content[254];
 		memset(&dat_info, 0, sizeof(dat_info));
 		memset(&dat_obj, 0, sizeof(dat_obj));
 
-		snprintf(name, 8, "PrivDO%d", i);
-		snprintf(path, 9, "3F00010%d", i);
+		snprintf(name, sizeof(name), "PrivDO%d", i);
+		snprintf(path, sizeof(path), "3F00010%d", i);
 
 		/* Check if the DO can be read and is not empty. Otherwise we
 		 * won't expose a PKCS#15 DATA object.
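
Review bot: the new declarations `char name[8+10+1];` and `char path[9+10+1];` size the buffers with unexplained arithmetic. The original 8 and 9 already counted one digit and the terminating NUL, so the sums over-allocate instead of stating "prefix + widest int + NUL". Consider deriving the size from the format prefix, for example `sizeof("PrivDO") + 11`, with a one-line comment, and compare the snprintf() return value against sizeof(name) and sizeof(path) so that a later change to the PGP_NUM_PRIVDO loop bound cannot silently yield a truncated name or path.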

@popovec
Member

popovec commented Sep 21, 2019

This seems to be a false positive, because i is in the range 1..4 here. This is not a critical error. The following code may be used to fix this issue:

snprintf(path, 9, "3F00010%c", ('0'+i) & 0xff);

@noloader
Author

noloader commented Sep 22, 2019

Thanks @popovec. One small comment:

This is not critical error

When using -Werror it is critical because it breaks the build. The project uses -Werror by default.

@popovec
Member

popovec commented Sep 22, 2019

Critical error: cannot be ignored, must be fixed by a code change (to prevent a code crash, wrong results, etc.)

The current code does not cause the program to crash or to generate a wrong result. This is not a critical error; disabling the format check is enough:

#pragma GCC diagnostic ignored "-Wformat-truncation"
                snprintf(name, 8, "PrivDO%d", i);
                snprintf(path, 9, "3F00010%d", i);
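
A third option besides enlarging the buffers or silencing the diagnostic, shown as an added example that is not code from this thread or from OpenSC: keep the 8-byte buffer, bound the index, and check the snprintf() return value. At its default level, GCC's -Wformat-truncation only reports bounded calls whose return value is unused, so the check both detects truncation at run time and addresses the warning. `NUM_PRIVDO` and both function names are assumptions made for the example.

```c
#include <stdio.h>
#include <string.h>

/* Assumption: stands in for PGP_NUM_PRIVDO (the thread gives the range 1..4). */
#define NUM_PRIVDO 4

/* Hypothetical helper: format "PrivDO<i>" into dst.
 * Returns 0 on success, -1 if i is out of range or the output would be cut. */
static int format_privdo_name(char *dst, size_t dstlen, int i)
{
    int n;

    if (i < 1 || i > NUM_PRIVDO)
        return -1;

    n = snprintf(dst, dstlen, "PrivDO%d", i);
    /* snprintf returns the length it wanted to write, excluding the NUL.
     * A value >= dstlen means the string in dst was truncated. */
    if (n < 0 || (size_t)n >= dstlen)
        return -1;
    return 0;
}

/* The same call without range or length checks, returning snprintf's result
 * so the caller can see what a two-digit index does to an 8-byte buffer. */
static int unchecked_privdo_name(char *dst, size_t dstlen, int i)
{
    return snprintf(dst, dstlen, "PrivDO%d", i);
}

int main(void)
{
    char name[8];
    int wanted;

    if (format_privdo_name(name, sizeof(name), 4) == 0)
        printf("ok:        %s\n", name);

    if (format_privdo_name(name, sizeof(name), 10) != 0)
        printf("rejected:  index 10 is outside 1..%d\n", NUM_PRIVDO);

    /* Constructed failure case: "PrivDO10" needs 9 bytes including the NUL. */
    wanted = unchecked_privdo_name(name, sizeof(name), 10);
    printf("unchecked: wanted %d chars, buffer holds \"%s\"\n", wanted, name);
    return 0;
}
```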

frankmorgner added a commit to frankmorgner/OpenSC that referenced this issue Mar 14, 2024