1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
|
From 790d7a538f515d27d2390f1ef56c9871b107a346 Mon Sep 17 00:00:00 2001
From: Steve Langasek <steve.langasek@canonical.com>
Date: Sun, 27 Aug 2017 21:28:40 -0700
Subject: [PATCH] Fix build failure with GCC 7 due to possible truncation of
snprintf output
setools fails to build under GCC7 -Wformat -Werror with the following error:
x86_64-linux-gnu-gcc -pthread -DNDEBUG -g -fwrapv -O2 -Wall -Wstrict-prototypes -g -O2 -fdebug-prefix-map=/<<PKGBUILDDIR>>=. -fstack-protector-strong -Wformat -Werror=format-security -Wno-sign-compare -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC -Ilibqpol -Ilibqpol/include -I/usr/include/python3.6m -c libqpol/policy_extend.c -o build/temp.linux-amd64-3.6/libqpol/policy_extend.o -Werror -Wextra -Waggregate-return -Wfloat-equal -Wformat -Wformat=2 -Winit-self -Wmissing-format-attribute -Wmissing-include-dirs -Wnested-externs -Wold-style-definition -Wpointer-arith -Wredundant-decls -Wstrict-prototypes -Wunknown-pragmas -Wwrite-strings -Wno-missing-field-initializers -Wno-unused-parameter -Wno-cast-qual -Wno-shadow -Wno-unreachable-code -fno-exceptions
libqpol/policy_extend.c: In function 'policy_extend':
libqpol/policy_extend.c:161:27: error: '%04zd' directive output may be truncated writing between 4 and 10 bytes into a region of size 5 [-Werror=format-truncation=]
snprintf(buff, 9, "@ttr%04zd", i + 1);
^~~~~
libqpol/policy_extend.c:161:22: note: directive argument in the range [1, 4294967295]
snprintf(buff, 9, "@ttr%04zd", i + 1);
^~~~~~~~~~~
Exceeding 10,000 attributes is necessarily going to result in collisions
inserting into the hash table given this naming scheme, and we already error
out on the first collision; but there will be holes since types are not
handled the same as attributes. Short of making backwards-incompatible
changes to the entry names, this is probably the best way to fix this build
failure while reducing the chances of a hash collision in the unlikely event
that the hashtable is (nearly) full.
Closes: https://github.com/TresysTechnology/setools/issues/174
Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
---
libqpol/policy_extend.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libqpol/policy_extend.c b/libqpol/policy_extend.c
index 742819b..70e8f7c 100644
--- a/libqpol/policy_extend.c
+++ b/libqpol/policy_extend.c
@@ -158,7 +158,7 @@ static int qpol_policy_build_attrs_from_map(qpol_policy_t * policy)
* with this attribute */
/* Does not exist */
if (db->p_type_val_to_name[i] == NULL){
- snprintf(buff, 9, "@ttr%04zd", i + 1);
+ snprintf(buff, 9, "@ttr%04zd", (i + 1) % 10000);
tmp_name = strdup(buff);
if (!tmp_name) {
error = errno;
--
1.8.3.1
|
