
Re: [Nmh-workers] GCC 8 pre-releases have escaped...

2018-02-04 14:48:23
On Sun, 04 Feb 2018 14:49:15 -0500, Ken Hornstein said:
nmh builds mostly OK under it, and passes 'make check'.  However,
there's a whole mess of new warnings, which all root-cause to the
fact that gcc8 apparently does sanity checking on whether the code
has bounds-checked the length parameter of snprintf() and friends
before using it, and special-case notification when it's obvious that
the destination won't get null-terminated.

I'm ... a little confused.  Is the "right" way to deal with that by

      adr[sizeof(adr) - 1] = '\0';

      strncpy(adr, ap->text, sizeof(adr) - 1);

That's one way to do it.  It's possible that a code audit will show that the
calling code always does the right thing, and no action is needed.  That's
of course very brittle, as it doesn't catch new occurrences dropped into
the code.

I'd be quite surprised if we don't have at least one off-by-one error
in there.  I haven't gotten brave enough to wade in and try to follow
the code yet.

Or something else?  A quick Google suggests most people "fix" this by
adding -Wno-stringop-truncation to the build options.

When you look at how many security issues are caused by strings running off
the end of a buffer, that's indeed a "fix" rather than an actual repair.
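
An added example, not part of the original message and not nmh code: it contrasts the bound-equals-destination-size `strncpy()` call that can leave the buffer unterminated, the manual-termination copy quoted above, and a helper that also reports truncation. The helper names, the 8-byte buffer and the sample address are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* The copy from the message: terminate by hand, then copy at most
 * size-1 bytes. dst is always terminated, but truncation is silent. */
static void copy_manual(char *dst, size_t dstsize, const char *src)
{
    dst[dstsize - 1] = '\0';
    strncpy(dst, src, dstsize - 1);
}

/* Hypothetical helper (not nmh code): always terminates dst and
 * returns 0 if src fit, -1 if it had to be truncated. */
static int copy_checked(char *dst, size_t dstsize, const char *src)
{
    size_t len = strlen(src);

    if (dstsize == 0)
        return -1;
    if (len >= dstsize) {
        memcpy(dst, src, dstsize - 1);
        dst[dstsize - 1] = '\0';
        return -1;
    }
    memcpy(dst, src, len + 1);
    return 0;
}

/* The shape the warning targets: bound == destination size. Returns 1
 * when strncpy() left no NUL anywhere in the dstsize bytes. */
static int strncpy_unterminated(char *dst, size_t dstsize, const char *src)
{
    strncpy(dst, src, dstsize);
    return memchr(dst, '\0', dstsize) == NULL;
}

int main(void)
{
    char adr[8];                            /* constructed size */
    const char *text = "user@example.org";  /* constructed input */

    printf("unterminated: %d\n", strncpy_unterminated(adr, sizeof(adr), text));
    copy_manual(adr, sizeof(adr), text);
    printf("manual:  \"%s\"\n", adr);
    printf("checked: %d \"%s\"\n", copy_checked(adr, sizeof(adr), text), adr);
    return 0;
}
```

Returning a truncation status lets the caller reject an over-long address instead of silently using the shortened one.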

