Compiler warning about possiable overflow in devname.c

Bug #1739889 reported by michael on 2017-12-23
This bug affects 1 person
Affects Status Importance Assigned to Milestone
util-linux (Ubuntu)

Bug Description

I just compiled mount and got the following warning:

libblkid/src/devname.c:166:29: warning: ‘%s’ directive writing up to 255 bytes into a region of size 245 [-Wformat-overflow=]
   sprintf(path, "/sys/block/%s/slaves", de->d_name);
In file included from /usr/include/stdio.h:862:0,
                 from libblkid/src/devname.c:16:
/usr/include/x86_64-linux-gnu/bits/stdio2.h:33:10: note: ‘__builtin___sprintf_chk’ output between 19 and 274 bytes into a destination of size 256
   return __builtin___sprintf_chk (__s, __USE_FORTIFY_LEVEL - 1,
       __bos (__s), __fmt, __va_arg_pack ());

Code preceding this does a length check to prevent overflow. However, the warning was still alarming. The attached patch switches sprintf to snprintf and ups the buffer size to 300. This will silence the compiler and support longer device names. There didn't appear to be any technical reason for the 256 byte limit. If there is we just get a different less alarming truncation warning. This also means we don't need the hard coded length check.

michael (reeves-87) wrote :
Phillip Susi (psusi) on 2018-03-01
tags: added: patch
Changed in util-linux (Ubuntu):
importance: Undecided → Low
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers