[OpenWrt-Devel] [PATCH] use strncpy instead of strcpy

Khem Raj raj.khem at gmail.com
Thu Dec 26 17:31:22 EST 2019


On Thu, Dec 26, 2019 at 4:50 AM Hauke Mehrtens <hauke at hauke-m.de> wrote:
>
> On 12/24/19 10:50 PM, Petr Štetiar wrote:
> > Khem Raj <raj.khem at gmail.com> [2019-12-24 10:02:13]:
> >
> > Hi,
> >
> > use "PATCH libubox" subject prefix, because there is no blobmsg.c file in the
> > main tree.
> >
> >> Fixes error: '__builtin_strcpy' offset 6 from the object at 'attr' is out of
> >> the bounds of referenced subobject 'name' with type 'uint8_t[0]' {aka
> >> 'unsigned char[0]'} at offset 6 [-Werror=array-bounds]
> >
> > out of curiosity, which target/compiler is that? I'm not able to reproduce
> > it on any of the pre-selected CI targets[1].
>
> Hi Petr,
>
> The fortify headers are preventing some of these warnings, I see them
> when compiling without fortify header or when using glibc.
>
> I started to look into this problem, but it looks more complicated to
> change the fortify headers in a way, that the compile time buffer
> overflow detection still works like expected for all functions which are
> supported by gcc.
>

I do use these flags
-fstack-protector-strong  -D_FORTIFY_SOURCE=2 -Wformat
-Wformat-security -Werror=format-security

and perhaps that combined with gcc10 exposes this issue.

> Please also use a toolchian with glibc when compiling in CI.
>
> Hauke
>

_______________________________________________
openwrt-devel mailing list
openwrt-devel at lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel


More information about the openwrt-devel mailing list