Bug#897892: zookeeper: ftbfs with GCC-8

Adrian Bunk bunk at debian.org
Sat Jun 23 18:51:14 BST 2018 

Control: tags -1 - help

On Fri, May 04, 2018 at 12:24:12PM +0000, Matthias Klose wrote:
>...
> libtool: compile:  gcc -DHAVE_CONFIG_H -I. -I./include -I./tests -I./generated -Wdate-time -D_FORTIFY_SOURCE=2 -Wall -Werror -g -O2 -fdebug-prefix-map=/<<PKGBUILDDIR>>=. -fstack-protector-strong -Wformat -Werror=format-security -MT zookeeper.lo -MD -MP -MF .deps/zookeeper.Tpo -c src/zookeeper.c  -fPIC -DPIC -o .libs/zookeeper.o
> src/zookeeper.c: In function 'format_endpoint_info':
> src/zookeeper.c:3469:21: error: '%d' directive writing between 1 and 5 bytes into a region of size between 0 and 127 [-Werror=format-overflow=]
>      sprintf(buf,"%s:%d",addrstr,ntohs(port));
>                      ^~
> src/zookeeper.c:3469:17: note: directive argument in the range [0, 65535]
>      sprintf(buf,"%s:%d",addrstr,ntohs(port));
>                  ^~~~~~~
> In file included from /usr/include/stdio.h:862,
>                  from ./include/zookeeper.h:29,
>                  from src/zookeeper.c:27:
> /usr/include/x86_64-linux-gnu/bits/stdio2.h:33:10: note: '__builtin___sprintf_chk' output between 3 and 134 bytes into a destination of size 128
>    return __builtin___sprintf_chk (__s, __USE_FORTIFY_LEVEL - 1,
>           ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>        __bos (__s), __fmt, __va_arg_pack ());
>        ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> cc1: all warnings being treated as errors
>...

The relevant code is:

...
    static char buf[128];
    char addrstr[128];
...
    inet_ntop(ep->ss_family,inaddr,addrstr,sizeof(addrstr)-1);
    sprintf(buf,"%s:%d",addrstr,ntohs(port));
...


Both addrstr and buf have a size of 128.

After the inet_ntop() call addrstr might contain up to 128 characters 
(including \0 termination).

buf is a concatenation of addrstr, ':' and ntohs(port) into a string.
That's up to 127(addrstr) + 1(:) + 5(ntohs) + 1(\0) = 134 characters.

134 > 128

cu
Adrian

-- 

       "Is there not promise of rain?" Ling Tan asked suddenly out
        of the darkness. There had been need of rain for many days.
       "Only a promise," Lao Er said.
                                       Pearl S. Buck - Dragon Seed

More information about the pkg-java-maintainers mailing list